| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.
This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.
Fixes #13667.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it. Let's make sure that doesn't happen.
Closes ticket 14041
|
|
|
|
If you are in a coffee shop that returns a helpful redirect page for
"onionrouter", or on an ISP that does the same, the test as written
would fail.
|
|
|
|
|
|
Also, improve comments on resolve_my_address to explain what it
actually does.
|
|
|
|
|
|
|
|
|
|
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13963.
|
|
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)
Fix code that assumes larger interval values.
This assists in quickly bootstrapping a testing
Tor network.
Fixes bugs 13718 & 13823.
|
|
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
|
|
|
|
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.
This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
|
|
|
|
Document why we divide it by two.
Check for > 0 instead of nonzero for success, since that's what the
manpage says.
Allow watchdog timers greater than 1 second.
|
|
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
|
|
This permit for now to signal readiness in a cleaner way
to systemd.
|
|
|
|
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.
This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.
This patch is released under the same license as the original file as
long as the author is credited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
|
|
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.
This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
|
|
channel_write_*_cell() can delete its argument, so coverity doesn't
like us doing pointer comparison against that argument later.
Silly.
|
|
|
|
|
|
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.
Prevents any fallout from bug 14013.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.
Fixes bug 14001.
|
|
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.
Fixes bug 14002.
|
|
|
|
|
|
Looks like we forgot to update unit tests when we switched from 32-bit to
64-bit ints while tweaking 7cd53b7.
|
|
|
