path: root/src/or
Age | Commit message | Author
2017-01-17 | Fix a double-free in rend_config_services() | Nick Mathewson
Found by coverity scan; CID 1398917
2017-01-16 | Merge remote-tracking branch 'public/ticket20921' | Nick Mathewson
2017-01-14 | Disallow setting UseBridges to 1 and UseEntryGuards to 0 | Neel Chauhan
2017-01-13 | Merge remote-tracking branch 'dgoulet/bug20307_030_01' | Nick Mathewson
2017-01-13 | Merge branch 'ipv6-only-client_squashed' | Nick Mathewson
2017-01-13 | Remove redundant boolean expression from firewall_is_fascist_impl() | teor
Let A = UseBridges
Let B = ClientUseIPv4
Then firewall_is_fascist_impl expands and simplifies to:
B || (!(A || ...) && A)
B || (!A && ... && A)
B || 0
B
2017-01-13 | When IPv6 addresses have not been downloaded, use hard-coded address info | teor
The microdesc consensus does not contain any IPv6 addresses. When a client has a microdesc consensus but no microdescriptor, make it use the hard-coded IPv6 address for the node (if available). (Hard-coded addresses can come from authorities, fallback directories, or configured bridges.) If there is no hard-coded address, log a BUG message, and fail the connection attempt. (All existing code checks for a hard-coded address before choosing a node address.) Fixes 20996, fix on b167e82 from 19608 in 0.2.8.5-alpha.
2017-01-13 | Remove redundant options checks for IPv6 preference conflicts | teor
It is no longer possible for the IPv6 preference options to differ from the IPv6 usage: preferring IPv6 implies possibly using IPv6. Also remove the corresponding unit test warning message checks. (But keep the unit tests themselves - they now run without warnings.)
2017-01-13 | Merge remote-tracking branch 'dgoulet/bug21054_030_01' | Nick Mathewson
2017-01-13 | Merge branch 'bug21019_030_01_squashed' | Nick Mathewson
2017-01-13 | hs: Log if service can't connect to application | David Goulet
In order to help an HS operator know if the application configured behind it is not working properly, add a log at warning level for the connection refused or timeout case. This log will only be printed if a client connection fails and is rate limited. Closes #21019 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-12 | Have circuit_get_global_origin_circuit_list() return the right list. Bug 21118 | Nick Mathewson
2017-01-11 | repair whitespace. | Nick Mathewson
2017-01-11 | Merge remote-tracking branch 'dgoulet/ticket19925_030_01' | Nick Mathewson
2017-01-11 | Merge branch 'bug20569_030_02_squashed' | Nick Mathewson
2017-01-11 | hs: Use AES-256 for v3 descriptor | David Goulet
That key size is taken from proposal 224 thus specified in the protocol. Closes #20569 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-11 | Merge remote-tracking branch 'asn/bug20852_v1' | Nick Mathewson
2017-01-11 | Merge remote-tracking branch 'public/bug20974' | Nick Mathewson
2017-01-11 | Merge remote-tracking branch 'jryans/dependant-corrected' | Nick Mathewson
2017-01-11 | Merge branch 'bug20987_squashed' | Nick Mathewson
2017-01-11 | Fix memory leak when failing to configure hidden services. | Nick Mathewson
In 8a0ea3ee43da0063c2546092662fa7ce4900bc2c we added a temp_service_list local variable to rend_config_services, but we didn't add a corresponding "free" for it to all of the exit paths. Fixes bug 20987; bugfix on 0.3.0.1-alpha.
2017-01-11 | Merge remote-tracking branch 'teor/bug21123' | Nick Mathewson
2017-01-09 | control: Add GETINFO command for the shared random values | David Goulet
Add the "sr/current" and "sr/previous" keys for the GETINFO command in order to get through the control port the shared random values from the consensus. Closes #19925 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-09 | Max HS descriptor size is now 50kb and also consensus param. | George Kadianakis
2017-01-08 | comment fixups | Chelsea H. Komlo
2017-01-03 | Remove a redundant check for PidFile changes at runtime | teor
This check is already performed regardless of whether the sandbox is active. Fixes bug 21123; bugfix on commit 2ae47d3 in 0.2.5.4-alpha.
2017-01-02 | Extract global_origin_circuit_list manipulation code into new fns. | Nick Mathewson
Closes ticket 20921.
2017-01-02 | Unindent long-misindented blocks. | Nick Mathewson
We switched these to be "if (1) " a while back, so we could keep the indentation and avoid merge conflicts. But it's nice to clean up from time to time.
2017-01-02 | Fix some dubious indentation | Nick Mathewson
2017-01-02 | Make GETINFO entry-guards work again with prop271 | Nick Mathewson
This is not a great solution, but it's as close to backward-compatible as possible. A better GETINFO API should expose more information.
2017-01-02 | Move entry-guard-is-up notification later into dirguard path. | Nick Mathewson
Previously we were marking directory guards up in ..._process_inbuf(), but that's wrong: we call that function on close as well as on success. Instead, we're marking the dirguard up only after we parse the HTTP headers. Closes 20974.
2016-12-29 | Use the correct spelling for "Dependent" in the control protocol. | J. Ryan Stinnett
Fixes #18146.
2016-12-23 | Merge remote-tracking branch 'dgoulet/bug20991_030_01' | Nick Mathewson
2016-12-23 | whitespace fix | Nick Mathewson
2016-12-23 | Merge remote-tracking branch 'dgoulet/bug20572_030_01' | Nick Mathewson
2016-12-23 | Merge remote-tracking branch 'dgoulet/bug19899_030_01' | Nick Mathewson
2016-12-23 | Make outer (plaintext) layer of HS desc conform to prop224. | George Kadianakis
This basically means changing the 'encrypted' field to 'superencrypted'.
2016-12-22 | circuit: Change close reasons from uint16_t to int | David Goulet
When marking for close a circuit, the reason value, an integer, was assigned to a uint16_t converting any negative reasons (internal) to the wrong value. On the HS side, this was causing the client to flag introduction points to be unreachable as the internal reason was wrongfully converted to a positive 16bit value leading to flag 2 out of 3 intro points to be unreachable. Fixes #20307 and partially fixes #21056 Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 | test: Add unit test for prune_services_on_reload() | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 | hs: Move and improve the service pruning code | David Goulet
First, this commit moves the code used to prune the service list when reloading Tor (HUP signal for instance) to a function from rend_config_services(). Second, fix bug #21054, improve the code by using the newly added circuit_get_next_service_intro_circ() function instead of poking at the global list directly and add _many_ more comments. Fixes #21054. Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 | circuit: Add a function to get the next service intro circuit | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-19 | Don't warn about absent guard state when none expected. | Nick Mathewson
Self-testing circuits don't use guards, and nobody uses guards when UseEntryGuards is disabled. Fixes bug 21007; bug not in any released Tor.
2016-12-19 | Merge branch 'maint-0.2.9' | Nick Mathewson
2016-12-19 | Merge branch 'maint-0.2.8' into maint-0.2.9 | Nick Mathewson
2016-12-19 | Merge branch 'bug21018_024' into maint-0.2.8 | Nick Mathewson
2016-12-19 | Merge branch 'maint-0.2.9' | Nick Mathewson
2016-12-19 | Merge branch 'maint-0.2.8' into maint-0.2.9 | Nick Mathewson
2016-12-19 | Update the fallback directory mirror list in December 2016 | teor
Replace the 81 remaining fallbacks of the 100 originally introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks (123 new, 54 existing, 27 removed) generated in December 2016. Resolves ticket 20170.
2016-12-18 | Make log message warn about detected attempts to exploit 21018. | Nick Mathewson
2016-12-18 | Fix parsing bug with unrecognized token at EOS | Nick Mathewson
In get_token(), we could read one byte past the end of the region. This is only a big problem in the case where the region itself is (a) potentially hostile, and (b) not explicitly nul-terminated. This patch fixes the underlying bug, and also makes sure that the one remaining case of not-NUL-terminated potentially hostile data gets NUL-terminated. Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254