path: root/src
Age | Commit message | Author
2010-12-15 | Merge remote branch fix_security_bug_021 into fix_security_bug_022 | Nick Mathewson
Conflicts: src/common/memarea.c src/or/or.h src/or/rendclient.c
2010-12-15 | Make payloads into uint8_t. | Nick Mathewson
This will avoid some signed/unsigned assignment-related bugs.
2010-12-14 | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson
Conflicts: src/config/geoip
2010-12-13 | Have all of our allocation functions and a few others check for underflow | Nick Mathewson
It's all too easy in C to convert an unsigned value to a signed one, which will (on all modern computers) give you a huge signed value. If you have a size_t value of size greater than SSIZE_T_MAX, that is way likelier to be an underflow than it is to be an actual request for more than 2gb of memory in one go. (There's nothing in Tor that should be trying to allocate >2gb chunks.)
2010-12-13 | Base SIZE_T_CEILING on SSIZE_T_MAX. | Nick Mathewson
2010-12-08 | Update to the December 1 2010 Maxmind GeoLite Country database. | Karsten Loesing
2010-12-07 | Merge branch 'bug2081_followup_022' into maint-0.2.2 | Nick Mathewson
2010-12-07 | Reject relay versions older than 0.2.0.26-rc | Nick Mathewson
This was the first version to cache the correct directory information. Fixes bug 2156.
2010-12-06 | Fix a bug in calculating wakeup time on 64-bit machines. | Nick Mathewson
If you had TIME_MAX > INT_MAX, and your "time_to_exhaust_bw = accountingmax/expected_bandwidth_usage * 60" calculation managed to overflow INT_MAX, then your time_to_consider value could underflow and wind up being ridiculously low or high. "Low" was no problem; negative values got caught by the (time_to_consider <= 0) check. "High", however, would get you a wakeup time somewhere in the distant future. The fix is to check for time_to_exhaust_bw overflowing INT_MAX, not TIME_MAX: We don't allow any accounting interval longer than a month, so if time_to_exhaust_bw is significantly larger than 31*24*60*60, we can just clip it. This is a bugfix on 0.0.9pre6, when accounting was first introduced. It fixes bug 2146, unless there are other causes there too. The fix is from boboper. (I tweaked it slightly by removing an assignment that boboper marked as dead, and lowering a variable that no longer needed to be function-scoped.)
2010-12-06 | Add a missing ! to directory_fetches_from_authorities | Nick Mathewson
The old logic would have us fetch from authorities if we were refusing unknown exits and our exit policy was reject*. Instead, we want to fetch from authorities if we're refusing unknown exits and our exit policy is _NOT_ reject*. Fixed by boboper. Fixes more of 2097. Bugfix on 0.2.2.16-alpha.
2010-12-03 | Don't crash when accountingmax is set in non-server Tors | Nick Mathewson
We use a hash of the identity key to seed a prng to tell when an accounting period should end. But thanks to the bug998 changes, clients no longer have server-identity keys to use as a long-term seed in accounting calculations. In any case, their identity keys (as used in TLS) were never fixed. So we can just set the wakeup time from a random seed instead there. Still open is whether everybody should be random. This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha. Diagnosed with help from boboper on irc.
2010-12-02 | Fix a harmless off-by-one error in counting controller argument lengths | Nick Mathewson
Bugfix on 0.1.1.1-alpha; found by boboper.
2010-11-29 | Revise comment on 2210 a little; clean up n_streams/num_streams confusion | Nick Mathewson
Also add a changes file
2010-11-29 | Add wrappers function for libc random() | Nick Mathewson
On windows, it's called something different.
2010-11-29 | Fix whitespace in patch for 2210 and backport to 0.2.2 | Nick Mathewson
2010-11-29 | Improve fairness when activating streams in circuit_resume_edge_reading_helper | Mashael AlSabah
The reason the "streams problem" occurs is due to the complicated interaction between Tor's congestion control and libevent. At some point during the experiment, the circuit window is exhausted, which blocks all edge streams. When a circuit level sendme is received at Exit, it resumes edge reading by looping over linked list of edge streams, and calling connection_start_reading() to inform libevent to resume reading. When the streams are activated again, Tor gets the chance to service the first three streams activated before the circuit window is exhausted again, which causes all streams to be blocked again. As an experiment, we reversed the order in which the streams are activated, and indeed the first three streams, rather than the last three, got service, while the others starved. Our solution is to change the order in which streams are activated. We choose a random edge connection from the linked list, and then we activate streams starting from that chosen stream. When we reach the end of the list, then we continue from the head of the list until our chosen stream (treating the linked list as a circular linked list). It would probably be better to actually remember which streams have received service recently, but this way is simple and effective.
2010-11-29 | Merge branch 'exitstats' into maint-0.2.2 | Nick Mathewson
2010-11-29 | comment karsten's bug2196 patch a little | Nick Mathewson
2010-11-24 | Avoid dereferencing NULL if a bridge fails to build an ei descriptor. | Robert Ransom
Reported by an anonymous commenter on Trac.
2010-11-24 | Report only the top 10 ports in exit-port stats. | Karsten Loesing
2010-11-23 | Fix compilation with mingw and OpenSSL 0.9.8m+ | mingw-san
2010-11-23 | Use S_CASE for ehostunreach, not E_CASE. Partial backport of 69deb22f. Fixes 0.2.1 compilation on windows | Nick Mathewson
2010-11-22 | Have authorities reject routers running versions susceptible to bug 1038. | Nick Mathewson
2010-11-21 | bump to 0.2.2.19-alpha | Roger Dingledine
2010-11-21 | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson
2010-11-21 | Merge branch 'fix2204' into maint-0.2.1 | Nick Mathewson
2010-11-20 | Do not set the hostname TLS extension server-side; only client-side | Nick Mathewson
This may fix bug 2204, and resolve the incompatibility with openssl 0.9.8p/1.0.0b.
2010-11-19 | Fix a unit test broken by fix for 2195 | Nick Mathewson
2010-11-19 | Merge branch 'fix2183', remote branch 'rransom/fix2195-v2' into maint-0.2.2 | Nick Mathewson
2010-11-19 | Fix logic error in router_dump_router_to_string. | Robert Ransom
Spotted by Nick Mathewson.
2010-11-19 | Add comments to some of the bug2183 fix code | Nick Mathewson
2010-11-17 | Generate a router descriptor even if generating an extra-info descriptor fails. | Robert Ransom
Fixes bug #2195.
2010-11-17 | Do not emit an extra-info-digest descriptor line if the digest is zero. | Robert Ransom
2010-11-17 | Tweak the bugfix for 2183 a bit more. | Karsten Loesing
2010-11-16 | new development version | Roger Dingledine
2010-11-16 | bump to 0.2.2.18-alpha | Roger Dingledine
2010-11-16 | warn more about AllowSingleHopExits | Roger Dingledine
2010-11-15 | Merge commit 'nickm/1776_redux_v1' into maint-0.2.2 | Roger Dingledine
2010-11-15 | Clean up my 1776 fix a bit | Nick Mathewson
Sebastian notes (and I think correctly) that one of our ||s should have been an &&, which simplifies a boolean expression to decide whether to replace bridges. I'm also refactoring out the negation at the start of the expression, to make it more readable.
2010-11-15 | Move controller event for socks warning into log_unsafe_socks_warning | Nick Mathewson
2010-11-15 | Merge branch 'bug2000_nm_022' into maint-0.2.2 | Nick Mathewson
2010-11-15 | Merge remote branch 'sebastian/manpagefixups' into maint-0.2.2 | Nick Mathewson
2010-11-15 | Rate-limit unsafe socks warning | Sebastian Hahn
Pick 5 seconds as the limit. 5 seconds is a compromise here between making sure the user notices that the bad behaviour is (still) happening and not spamming their log too much needlessly (the log message is pretty long). We also keep warning every time if safesocks is specified, because then the user presumably wants to hear about every blocked instance. (This is based on the original patch by Sebastian, then backported to 0.2.2 and with warnings split into their own function.)
2010-11-15 | Don't use log_err for non-critical warnings. | Karsten Loesing
2010-11-15 | Try harder not to exceed the 50 KB extra-info descriptor limit. | Karsten Loesing
Our checks that we don't exceed the 50 KB size limit of extra-info descriptors apparently failed. This patch fixes these checks and reserves another 250 bytes for appending the signature. Fixes bug 2183.
2010-11-12 | Avoid perma-blocking the controller on bug in shrink_freelist | Nick Mathewson
In all likelihood, this bug would make Tor assert, but if it doesn't, let's not have two bugs.
2010-11-12 | Disable logging to control port connections in buf_shrink_freelists. | Robert Ransom
If buf_shrink_freelists calls log_warn for some reason, we don't want the log call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 | Move the original log_info call out of the core of buf_shrink_freelists. | Robert Ransom
Sending a log message to a control port can cause Tor to allocate a buffer, thereby changing the length of the freelist behind buf_shrink_freelists's back, thereby causing an assertion to fail. Fixes bug #1125.
2010-11-12 | Disable logging to control port connections in buf_shrink_freelists. | Robert Ransom
If buf_shrink_freelists calls log_warn for some reason, we don't want the log call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 | Move the original log_info call out of the core of buf_shrink_freelists. | Robert Ransom
Sending a log message to a control port can cause Tor to allocate a buffer, thereby changing the length of the freelist behind buf_shrink_freelists's back, thereby causing an assertion to fail. Fixes bug #1125.