| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
no actual behavior changes
|
|
Remove support for "GET /tor/bytes.txt" DirPort request, and
"GETINFO dir-usage" controller request, which were only available
via a compile-time option in Tor anyway.
Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
I introduced this bug when I moved signing_key_cert into
signed_descriptor_t. Bug not in any released Tor. Fixes bug 19175, and
another case of 19128.
Just like signed_descriptor_from_routerinfo(), routerlist_reparse_old()
copies the fields from one signed_descriptor_t to another, and then
clears the fields from the original that would have been double-freed by
freeing the original. But when I fixed the s_d_f_r() bug [#19128] in
50cbf220994c7cec593, I missed the fact that the code was duplicated in
r_p_o().
Duplicated code strikes again!
For a longer-term solution here, I am not only adding the missing fix to
r_p_o(): I am also extracting the duplicated code into a new function.
Many thanks to toralf for patiently sending me stack traces until
one made sense.
|
|
Also, use it in routerparse.c
|
|
|
|
|
|
|
|
Now that the field exists in signed_descriptor_t, we need to make
sure we free it when we free a signed_descriptor_t, and we need to
make sure that we don't free it when we convert a routerinfo_t to a
signed_descriptor_t.
But not in any released Tor. I found this while working on #19128.
One problem: I don't see how this could cause 19128.
|
|
Fix for bug 19130.
|
|
|
|
|
|
|
|
|
|
Comment-only change
|
|
|
|
|
|
|
|
|
|
No behaviour change
This function is used twice. The code is simpler if we split
it up and inline it where it is used.
|
|
Previosuly, during bootstrap, we would continue to download
consensuses if we had a consensus, but didn't have the certificates
to validate it.
|
|
|
|
With the fix for #17150, I added a duplicate certificate here. Here
I remove the original location in 0.2.8. (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)
Closes 19073.
|
|
|
|
|
|
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.
This change should prevent a recurrence of #17150.
|
|
We need to make sure that the corresponding sd and ei match in their
certificates.
|
|
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened. I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.
This patch fixes no actual behavior.
|
|
|
|
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay. The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo. That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.
Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
|
|
This patch includes no semantic changes; it's just a field movement.
It's prerequisite for a fix to 19017/17150.
|
|
|
|
|
|
|
|
no behavior changes
|
|
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.
Fixes #19066
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
|
|
This way it gets the ctime options.
|
|
This type saved a tiny amount of allocation, but not enough to be
worth keeping.
(This is in preparation for moving choose_array_element_by_weight)
|
|
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.
Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time. Those options introduce branches
to the code they instrument.
(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)
Closes 17983.
|
|
|
|
|
