aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2014-06-04Merge remote-tracking branch 'public/bug12195'Nick Mathewson
2014-06-03Fix ancient code that only checked circ_id, not circ_id and chanNick Mathewson
This code mis-handled the case where a circuit got the same circuit ID in both directions. I found three instances of it in the codebase, by grepping for [pn]_circ_id. Because of the issue in command_process_relay_cell(), this would have made roughly one circuit in a million completely nonfunctional. Fixes bug 12195.
2014-06-02Don't try to fetch bridge descriptors when DisableNetwork is setNick Mathewson
Patch from Roger; changes file by me. Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was introduced.
2014-06-02Merge remote-tracking branch 'public/bug12170_024_v2'Nick Mathewson
2014-06-02Avoid needless router_dir_info_has_changed from router_set_statusNick Mathewson
On some profiles of Andrea's from #11332, I found that a great deal of time can still be attributed to functions called from update_router_have_minimum_dir_info(). This is making our digestmap, tor_memeq, and siphash functions take a much bigger portion of runtime than they really should. If we're calling update_router_have_minimum_dir_info() too often, that's because we're calling router_dir_info_changed() too often. And it looks like most of the callers of router_dir_info_changed() are coming as tail-calls from router_set_status() as invoked by channel_do_open_actions(). But we don't need to call router_dir_info_changed() so much! (I'm not quite sure we need to call it from here at all, but...) Surely we don't need to call it from router_set_status when the router's status has not actually changed. This patch makes us call router_dir_info_changed() from router_set_status only when we are changing the router's status. Fix for bug 12170. This is leftover from our fix back in 273ee3e81 in 0.1.2.1-alpha, where we started caching the value of update_router_have_minimum_dir_info().
2014-05-29sandbox: allow enough setsockopt to make ConstrainedSockets workNick Mathewson
fixes bug 12139; bugfix on 0.2.5.1-alpha
2014-05-27sandbox: permit listen(2)Nick Mathewson
Fix for 12115; bugfix on 0.2.5.1-alpha
2014-05-27sandbox: Allow DirPortFrontPage unconditionally if it's setNick Mathewson
fixes 12114; bug not in any release. Improves fix for 12028
2014-05-27Log the errno value if seccomp_load() fails.Nick Mathewson
(This is how I found out I was trying to test with a kernel too old for seccomp. I think.)
2014-05-27Make sandbox.c compile on armNick Mathewson
This is a minimal set of changes for compilation; I need a more recent kernel to test this stuff.
2014-05-23sandbox: Correct fix for hs part of 12064Nick Mathewson
Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2014-05-23Merge branch 'bug11965_v2'Nick Mathewson
2014-05-23Postpone fetches based on should_delay_dir_fetch(), not DisableNetworkNick Mathewson
Without this fix, when running with bridges, we would try fetching directory info far too early, and have up to a 60 second delay if we started with bridge descriptors available. Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-22sandbox: allow reading of hidden service configuration files.Nick Mathewson
fixes part of 12064
2014-05-22sandbox: refactor string-based option-unchanged tests to use a macroNick Mathewson
There was too much code duplication in doing it the old way, and I nearly made a copy-and-paste error in the last commit.
2014-05-22sandbox: allow access to cookie files, approved-routersNick Mathewson
fixes part of 12064
2014-05-22sandbox: allow access to various stats/*-stats filesMichael Wolf
Fix for 12064 part 1
2014-05-22Merge remote-tracking branch 'andrea/bug11476'Nick Mathewson
2014-05-21Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free()Andrea Shepard
2014-05-20sandbox: permit gettid, sched_getaffinityNick Mathewson
These are needed under some circumstances if we are running with expensive-hardening and sandbox at the same time. fixes 11477, bugfix on 0.2.5.4-alpha (where we introduced expensive-hardening)
2014-05-20fix a wide lineNick Mathewson
2014-05-20sandbox: support logfile rotationNick Mathewson
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20sandbox: tolerate reloading with DirPortFrontPage setNick Mathewson
Also, don't tolerate changing DirPortFrontPage. Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20sandbox: Disallow options which would make us call exec()Nick Mathewson
None of the things we might exec() can possibly run under the sanbox, so rather than crash later, we have to refuse to accept the configuration nice and early. The longer-term solution is to have an exec() helper, but wow is that risky. fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20sandbox: Permit access to stats/dirreq-statsNick Mathewson
This prevents a crash when rotating logs with dirreq-stats enabled fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20Oops; permit rename with the correct filenameNick Mathewson
2014-05-20Fix a sentence that I neverNick Mathewson
2014-05-20Sandbox: allow access to stats/bridge-statsNick Mathewson
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-17note a comment that nickm didn't finishRoger Dingledine
2014-05-16Bump maint-0.2.4 version to 0.2.4.22-devNick Mathewson
(See discussion on #9553)
2014-05-15Merge remote-tracking branch 'public/bug11469_024'Nick Mathewson
2014-05-14whitespace fix, moreNick Mathewson
2014-05-14Merge branch 'bug11946'Nick Mathewson
2014-05-14whitespace fixNick Mathewson
2014-05-14Improved comments on bug11946 fixNick Mathewson
2014-05-14Use DirPort for uploading descriptors.Nick Mathewson
When we converted the horrible set of options that previously controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to a single 'indirection' argument, we missed directory_post_to_dirservers. The problematic code was introduced in 5cbeb6080, which went into 0.2.4.3-alpha. This is a fix for bug 11469.
2014-05-14Use tor_getpw{nam,uid} wrappers to fix bug 11946Nick Mathewson
When running with User set, we frequently try to look up our information in the user database (e.g., /etc/passwd). The seccomp2 sandbox setup doesn't let us open /etc/passwd, and probably shouldn't. To fix this, we have a pair of wrappers for getpwnam and getpwuid. When a real call to getpwnam or getpwuid fails, they fall back to a cached value, if the uid/gid matches. (Granting access to /etc/passwd isn't possible with the way we handle opening files through the sandbox. It's not desirable either.)
2014-05-14Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()Nick Mathewson
We'll use these to deal with being unable to access the user DB after we install the sandbox, to fix bug 11946.
2014-05-12Add --disable-mempools configure optionAndrea Shepard
2014-05-12Merge branch 'bug9781_v2'Nick Mathewson
2014-05-12Log an error reply from tor-fw-helper correctly.Nick Mathewson
Fix for bug 9781; bugfix on cd05f35d2cdf50 in 0.2.4.2-alpha.
2014-05-12Fix compilation of test_status.c with MSVCGisle Vanem
2014-05-11fix whitespaceNick Mathewson
2014-05-11Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.dana koch
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain implicit treatment of long and time_t as comparable types, so explicitly cast to time_t.
2014-05-08One more 64->32Nick Mathewson
2014-05-08Fix numerous 64->32 errors in the unit testsNick Mathewson
Before the 11825 fix, these were all silently ignored.
2014-05-08Fix unearthed problems in unit testsNick Mathewson
2014-05-08Fix numerous type errors in the unit testsNick Mathewson
Remove tinytest casts that were suppressing them. Fix for #11825.
2014-05-08Fix test_util_max_mem on 32-bit CPUsNick Mathewson
2014-05-08More unit tests for #11648-related stuffNick Mathewson
These are actually tests for #311. It appears to me that we didn't fix #311 properly when we thought we did in 475eb5d6; instead, the real fix was 05eff35ac6d64b, a few minutes earlier.