From 63b404911441a7691949c475a374569d668a1b32 Mon Sep 17 00:00:00 2001
From: Neel Chauhan
Date: Sat, 2 Mar 2019 21:25:35 -0500
Subject: Make tor_addr_is_internal_() RFC6598 (Carrier Grade NAT) aware
Fixes 28525.
---
changes/bug28525 | 8 ++++++++
src/common/address.c | 19 +++++++++++++++----
src/test/test_addr.c | 18 ++++++++++++++++++
3 files changed, 41 insertions(+), 4 deletions(-)
create mode 100644 changes/bug28525
diff --git a/changes/bug28525 b/changes/bug28525
new file mode 100644
index 0000000000..392a9265e5
--- /dev/null
+++ b/changes/bug28525
@@ -0,0 +1,8 @@
+ o Minor bugfixes (address selection):
+ - Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the
+ subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to
+ RFC 1918 that does not break existing internal networks. This patch fixes
+ security issues caused by RFC 6518 by blocking control ports on these
+ addresses and warns users if client ports or ExtORPorts are listening on
+ a RFC 6598 address. Fixes bug 28525; bugfix on 0.4.1.1-alpha. Patch by
+ Neel Chauhan.
diff --git a/src/common/address.c b/src/common/address.c
index 794345a138..71d3805386 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -348,9 +348,18 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr) } } -/** Return true iff ip is an IP reserved to localhost or local networks - * in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is - * also treated as internal for now.) +/** Return true iff ip is an IP reserved to localhost or local networks. + * + * If ip is in RFC1918 or RFC4193 or RFC4291, we will return true. + * (fec0::/10, deprecated by RFC3879, is also treated as internal for now + * and will return true.) + * + * If ip is 0.0.0.0 or 100.64.0.0/10 (RFC6598), we will act as: + * - Internal if for_listening is 0, as these addresses are not + * routable on the internet and we won't be publicly accessible to clients. + * - External if for_listening is 1, as clients could connect to us + * from the internet (in the case of 0.0.0.0) or a service provider's + * internal network (in the case of RFC6598). */ int tor_addr_is_internal_(const tor_addr_t *addr, int for_listening, @@ -398,11 +407,13 @@ tor_addr_is_internal_(const tor_addr_t *addr, int for_listening, return 0; } else if (v_family == AF_INET) { - if (for_listening && !iph4) /* special case for binding to 0.0.0.0 */ + /* special case for binding to 0.0.0.0 or 100.64/10 (RFC6598) */ + if (for_listening && (!iph4 || ((iph4 & 0xffc00000) == 0x64400000))) return 0; if (((iph4 & 0xff000000) == 0x0a000000) || /* 10/8 */ ((iph4 & 0xff000000) == 0x00000000) || /* 0/8 */ ((iph4 & 0xff000000) == 0x7f000000) || /* 127/8 */ + ((iph4 & 0xffc00000) == 0x64400000) || /* 100.64/10 */ ((iph4 & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */ ((iph4 & 0xfff00000) == 0xac100000) || /* 172.16/12 */ ((iph4 & 0xffff0000) == 0xc0a80000)) /* 192.168/16 */ diff --git a/src/test/test_addr.c b/src/test/test_addr.c index be440a0925..5c4b6449cd 100644 --- a/src/test/test_addr.c +++ b/src/test/test_addr.c 
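Review bot: The RFC 6598 test `(iph4 & 0xffc00000) == 0x64400000` now appears twice in the AF_INET branch of the second hunk, once in the for_listening special case and once in the internal-range list, so a later edit to one copy can silently diverge from the other. A named local such as `const int is_cgnat = (iph4 & 0xffc00000) == 0x64400000; /* 100.64/10, RFC6598 */` would keep both uses in step. The inline comment could also say why a listener on 100.64/10 counts as external: per the changes file, the address is reachable from the provider's shared network, which is what the control-port check needs to know. The body of tor_addr_is_internal_() starts and ends outside this hunk.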
@@ -1063,6 +1063,23 @@ test_addr_make_null(void *data) tor_free(zeros); } +#define TEST_ADDR_INTERNAL(a, for_listening, rv) STMT_BEGIN \ + tor_addr_t t; \ + tt_int_op(tor_inet_pton(AF_INET, a, &t.addr.in_addr), OP_EQ, 1); \ + t.family = AF_INET; \ + tt_int_op(tor_addr_is_internal(&t, for_listening), OP_EQ, rv); \ + STMT_END; + +static void +test_addr_rfc6598(void *arg) +{ + (void)arg; + TEST_ADDR_INTERNAL("100.64.0.1", 0, 1); + TEST_ADDR_INTERNAL("100.64.0.1", 1, 0); + done: + ; +} + #define ADDR_LEGACY(name) \ { #name, test_addr_ ## name , 0, NULL, NULL } @@ -1076,6 +1093,7 @@ struct testcase_t addr_tests[] = { { "sockaddr_to_str", test_addr_sockaddr_to_str, 0, NULL, NULL }, { "is_loopback", test_addr_is_loopback, 0, NULL, NULL }, { "make_null", test_addr_make_null, 0, NULL, NULL }, + { "rfc6598", test_addr_rfc6598, 0, NULL, NULL }, END_OF_TESTCASES }; -- cgit v1.2.3-54-g00ecf From 74b2bc43fbe61e3a04fe3f5cc9f817be307e13e1 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Tue, 9 Apr 2019 11:59:20 -0400 Subject: Protect buffers against INT_MAX datalen overflows. Many buffer functions have a hard limit of INT_MAX for datalen, but this limitation is not enforced in all functions: - buf_move_all may exceed that limit with too many chunks - buf_move_to_buf exceeds that limit with invalid buf_flushlen argument - buf_new_with_data may exceed that limit (unit tests only) This patch adds some annotations in some buf_pos_t functions to guarantee that no out of boundary access could occur even if another function lacks safe guards against datalen overflows. [This is a backport of the submitted patch to 0.2.9, where the buf_move_to_buf and buf_new_with_data functions did not exist.] --- src/or/buffers.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/or/buffers.c b/src/or/buffers.c index 89382d1d8e..394ba0ccb8 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c 
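Review bot: test_addr_rfc6598 exercises only 100.64.0.1, so a wrong mask or value for the /10 would still pass; the edges of the range are where such a mistake shows up. Adding `TEST_ADDR_INTERNAL("100.63.255.255", 0, 0);`, `TEST_ADDR_INTERNAL("100.127.255.255", 0, 1);` and `TEST_ADDR_INTERNAL("100.128.0.0", 0, 0);` would pin both boundaries (expected values assume the ranges listed in the address.c hunk are the only IPv4 ones). The TEST_ADDR_INTERNAL macro also sets only `family` and `addr.in_addr` of `tor_addr_t t`, leaving the rest uninitialized, and its definition ends in `STMT_END;`, so each use probably expands to an extra empty statement. A `memset(&t, 0, sizeof(t));` at the top of the macro and dropping that trailing semicolon would tidy both.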
@@ -394,6 +394,10 @@ buf_free(buf_t *buf) { if (!buf) return; + if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) + return; + if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) + return; buf_clear(buf); buf->magic = 0xdeadbeef; @@ -1034,6 +1038,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out) static inline int buf_pos_inc(buf_pos_t *pos) { + tor_assert(pos->pos < INT_MAX - 1); ++pos->pos; if (pos->pos == (off_t)pos->chunk->datalen) { if (!pos->chunk->next) @@ -1925,6 +1930,7 @@ buf_find_offset_of_char(buf_t *buf, char ch) { chunk_t *chunk; off_t offset = 0; + tor_assert(buf->datalen < INT_MAX); for (chunk = buf->head; chunk; chunk = chunk->next) { char *cp = memchr(chunk->data, ch, chunk->datalen); if (cp) @@ -2044,6 +2050,7 @@ assert_buf_ok(buf_t *buf) for (ch = buf->head; ch; ch = ch->next) { total += ch->datalen; tor_assert(ch->datalen <= ch->memlen); + tor_assert(ch->datalen < INT_MAX); tor_assert(ch->data >= &ch->mem[0]); tor_assert(ch->data <= &ch->mem[0]+ch->memlen); if (ch->data == &ch->mem[0]+ch->memlen) { -- cgit v1.2.3-54-g00ecf From 0fa95308fe5fcce8842530fcae5a49188856e6ac Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 31 Mar 2019 17:33:11 +0200 Subject: Check return value of buf_move_to_buf for error. If the concatenation of connection buffer and the buffer of linked connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an error value. This value is currently casted to size_t (variable n_read) and will erroneously lead to an increasement of variable "max_to_read". This in turn can be used to call connection_buf_read_from_socket to store more data inside the buffer than expected and clogging the connection buffer. If the linked connection buffer was able to overflow INT_MAX, the call of buf_move_to_buf would have previously internally triggered an integer overflow, corrupting the state of the connection buffer. 
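Review bot: The two BUG() checks added to buf_free() test `buf_out->datalen` and `buf_in->datalen`, but the only buffer visible in this function is its parameter `buf`, so as shown these lines use names that are not in scope and would not compile. They read like guards written for a function that moves data between two buffers, which the commit message says does not exist in 0.2.9, so the hunk looks misapplied during the backport. A later patch on this page (37bd7fa50d) deletes exactly these four lines. buf_free()'s body continues outside the hunk.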
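Review bot: The new `tor_assert(pos->pos < INT_MAX - 1);` in buf_pos_inc() uses a different bound from the `< INT_MAX` asserts added in buf_find_offset_of_char() and assert_buf_ok(), and no comment says why. A one-line comment such as `/* pos is incremented below and then compared with datalen, which must stay under INT_MAX */` would make the `- 1` read as deliberate. All three checks stop the process instead of returning an error, which is the fail-closed choice for a length that would otherwise be used as an index; saying so in the comment tells the next reader not to soften them. buf_pos_inc(), buf_find_offset_of_char() and assert_buf_ok() all continue outside their hunks.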
Signed-off-by: Tobias Stoeckmann --- src/or/connection.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/or/connection.c b/src/or/connection.c index 791fd95c27..4f636eeb8c 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -3581,6 +3581,10 @@ connection_read_to_buf(connection_t *conn, ssize_t *max_to_read, if (conn->linked_conn) { result = move_buf_to_buf(conn->inbuf, conn->linked_conn->outbuf, &conn->linked_conn->outbuf_flushlen); + if (BUG(result<0)) { + log_warn(LD_BUG, "reading from linked connection buffer failed."); + return -1; + } } else { result = 0; } -- cgit v1.2.3-54-g00ecf From c10011532e524846bce300a791f51f298b223f6a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 9 Apr 2019 12:03:22 -0400 Subject: Changes file for bug30041 --- changes/bug30041 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changes/bug30041 diff --git a/changes/bug30041 b/changes/bug30041 new file mode 100644 index 0000000000..801c8f67ac --- /dev/null +++ b/changes/bug30041 @@ -0,0 +1,5 @@ + o Minor bugfixes (hardening): + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the event + of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by + Tobias Stoeckmann. -- cgit v1.2.3-54-g00ecf From 684b396ce5c0a4d5ea70ec01a22d6d368819c873 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 20 Sep 2018 14:34:44 -0400 Subject: Remove another needless typedef --- src/or/rephist.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/or/rephist.h b/src/or/rephist.h index c464b34f7c..d2f6c66df7 100644 --- a/src/or/rephist.h +++ b/src/or/rephist.h @@ -117,9 +117,7 @@ extern uint32_t rephist_total_num; #ifdef TOR_UNIT_TESTS extern int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1]; extern int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1]; -typedef struct bw_array_t bw_array_t; extern bw_array_t *write_array; #endif #endif - -- cgit v1.2.3-54-g00ecf 
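Review bot: The new `if (BUG(result<0))` branch in connection_read_to_buf() has no comment explaining when move_buf_to_buf() can return a negative value or why that must not fall through. The commit message gives the reason (a -1 is later converted to size_t and inflates max_to_read), and that belongs next to the check, for example `/* -1 means the combined buffers would exceed INT_MAX; stop before result is used as a length */`. The log text "reading from linked connection buffer failed." also does not say which connection was involved, which leaves an operator little to correlate with. connection_read_to_buf() starts and ends outside this hunk.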
From 05d25d06b62a9ee2cc77e44a66be2d9a95cae636 Mon Sep 17 00:00:00 2001 From: teor Date: Tue, 16 Apr 2019 15:39:45 +1000 Subject: rephist: fix an undeclared type compilation error In 0.3.4 and later, we declare write_array as: extern struct bw_array_t *write_array; ... typedef struct bw_array_t bw_array_t; But in 0.2.9, we declare write_array as: typedef struct bw_array_t bw_array_t; extern bw_array_t *write_array; And then again in rephist.c: typedef struct bw_array_t bw_array_t; So some compilers fail with a duplicate declaration error. We backport 684b396ce5, which removes the duplicate declaration. And this commit deals with the undeclared type error. Backports a single line from merge commit 813019cc57. Fixes bug 30184; not in any released version of Tor. --- src/or/rephist.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/rephist.h b/src/or/rephist.h index d2f6c66df7..303cd74f7a 100644 --- a/src/or/rephist.h +++ b/src/or/rephist.h @@ -117,7 +117,7 @@ extern uint32_t rephist_total_num; #ifdef TOR_UNIT_TESTS extern int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1]; extern int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1]; -extern bw_array_t *write_array; +extern struct bw_array_t *write_array; #endif #endif -- cgit v1.2.3-54-g00ecf From 031ed59dbaf62d9cebd09f98f563c228fe6822f6 Mon Sep 17 00:00:00 2001 
From: teor Date: Wed, 17 Apr 2019 11:14:05 +1000 Subject: test/relay: add a missing typedef In 0.3.4 and later, these functions are declared in rephist.h: STATIC uint64_t find_largest_max(bw_array_t *b); STATIC void commit_max(bw_array_t *b); STATIC void advance_obs(bw_array_t *b); But in 0.2.9, they are declared in rephist.c and test_relay.c. So compilers fail with a "must use 'struct' tag" error. We add the missing struct typedef in test_relay.c, to match the declarations in rephist.c. (Merge commit 813019cc57 moves these functions into rephist.h instead.) Fixes bug 30184; not in any released version of Tor. --- src/test/test_relay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test_relay.c b/src/test/test_relay.c index 57dcb2406a..d4ebb23382 100644 --- a/src/test/test_relay.c +++ b/src/test/test_relay.c @@ -19,6 +19,8 @@ static or_circuit_t * new_fake_orcirc(channel_t *nchan, channel_t *pchan); static void test_relay_append_cell_to_circuit_queue(void *arg); + +typedef struct bw_array_t bw_array_t; uint64_t find_largest_max(bw_array_t *b); void commit_max(bw_array_t *b); void advance_obs(bw_array_t *b); -- cgit v1.2.3-54-g00ecf From 0d5a0b4f0ccc804913fbca20acf5fc62f52570b8 Mon Sep 17 00:00:00 2001 
From: Tobias Stoeckmann Date: Wed, 29 May 2019 09:33:24 -0400 Subject: Fixed tor_vasprintf on systems without vasprintf. If tor is compiled on a system with neither vasprintf nor _vscprintf, the fallback implementation exposes a logic flaw which prevents proper usage of strings longer than 127 characters: * tor_vsnprintf returns -1 if supplied buffer is not large enough, but tor_vasprintf uses this function to retrieve required length * the result of tor_vsnprintf is not properly checked for negative return values Both aspects together could in theory lead to exposure of uninitialized stack memory in the resulting string. This requires an invalid format string or data that exceeds integer limitations. Fortunately tor is not even able to run with this implementation because it runs into asserts early on during startup. Also the unit tests fail during a "make check" run. Signed-off-by: Tobias Stoeckmann [backported to 0.2.9 by nickm] --- src/common/compat.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/common/compat.c b/src/common/compat.c index 9758751122..d3bc2f5fec 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -558,10 +558,17 @@ tor_vasprintf(char **strp, const char *fmt, va_list args) int len, r; va_list tmp_args; va_copy(tmp_args, args); - /* vsnprintf() was properly checked but tor_vsnprintf() available so - * why not use it? */ - len = tor_vsnprintf(buf, sizeof(buf), fmt, tmp_args); + /* Use vsnprintf to retrieve needed length. tor_vsnprintf() is not an option + * here because it will simply return -1 if buf is not large enough to hold the + * complete string. + */ + len = vsnprintf(buf, sizeof(buf), fmt, tmp_args); va_end(tmp_args); + buf[sizeof(buf) - 1] = '\0'; + if (len < 0) { + *strp = NULL; + return -1; + } if (len < (int)sizeof(buf)) { *strp = tor_strdup(buf); return len; -- cgit v1.2.3-54-g00ecf From 0e0cf4abd80249faa23f2bbdb89e62ba96c898f0 Mon Sep 17 00:00:00 2001 
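Review bot: The fallback in tor_vasprintf() now relies on vsnprintf() returning the length that would have been written when `buf` is too small, and treats any negative return as an error. That is the C99 behaviour, but this branch only builds on systems with neither vasprintf() nor _vscprintf(), and some older C libraries return -1 on truncation instead; on those, every string longer than 127 bytes would now fail with -1 (safely, but always). A sentence in the new comment, e.g. `/* Assumes C99 vsnprintf(): returns the needed length on truncation. */`, would record the assumption. The rest of the function, presumably including the allocation sized from `len`, is outside this hunk, so whether `len + 1` is guarded against overflow cannot be checked here.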
From: Nick Mathewson Date: Wed, 29 May 2019 09:38:32 -0400 Subject: Tweak comments in tor_vasprintf(), and add a changes file for 30651 --- changes/bug30561 | 6 ++++++ src/common/compat.c | 10 ++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 changes/bug30561 diff --git a/changes/bug30561 b/changes/bug30561 new file mode 100644 index 0000000000..afb3f02c62 --- /dev/null +++ b/changes/bug30561 @@ -0,0 +1,6 @@ + o Minor bugfixes (portability): + - Avoid crashing in our tor_vasprintf() implementation on systems that + define neither vasprintf() nor _vscprintf(). (This bug has been here + long enough that we question whether people are running Tor on such + systems, but we're applying the fix out of caution.) Fixes bug 30561; + bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann. diff --git a/src/common/compat.c b/src/common/compat.c index d3bc2f5fec..ee3bf0fd50 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -554,13 +554,16 @@ tor_vasprintf(char **strp, const char *fmt, va_list args) * characters we need. We give it a try on a short buffer first, since * it might be nice to avoid the second vsnprintf call. */ + /* XXXX This code spent a number of years broken (see bug 30651). It is + * possible that no Tor users actually run on systems without vasprintf() or + * _vscprintf(). If so, we should consider removing this code. */ char buf[128]; int len, r; va_list tmp_args; va_copy(tmp_args, args); - /* Use vsnprintf to retrieve needed length. tor_vsnprintf() is not an option - * here because it will simply return -1 if buf is not large enough to hold the - * complete string. + /* Use vsnprintf to retrieve needed length. tor_vsnprintf() is not an + * option here because it will simply return -1 if buf is not large enough + * to hold the complete string. */ len = vsnprintf(buf, sizeof(buf), fmt, tmp_args); va_end(tmp_args); 
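Review bot: The new XXXX comment in tor_vasprintf() cites "bug 30651", while the changes file added in the same commit is `changes/bug30561` and says "Fixes bug 30561". One of the two numbers is transposed; going by the changes file, the comment should read `(see bug 30561)`. A wrong ticket number in a comment that argues for removing this code sends the next reader to an unrelated ticket.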
@@ -3550,4 +3553,3 @@ tor_get_avail_disk_space(const char *path) return -1; #endif } - -- cgit v1.2.3-54-g00ecf From ba83c1e5cf0e4ba0d63cb3728da059a9b241a161 Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 6 Jun 2019 09:12:14 +1000 Subject: dirparse: Stop crashing when parsing unknown descriptor purpose annotations We think this bug can only be triggered by modifying a local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha. --- changes/bug30781 | 4 ++++ src/or/routerparse.c | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 changes/bug30781 diff --git a/changes/bug30781 b/changes/bug30781 new file mode 100644 index 0000000000..7c7adf470e --- /dev/null +++ b/changes/bug30781 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authorities): + - Stop crashing after parsing an unknown descriptor purpose annotation. + We think this bug can only be triggered by modifying a local file. + Fixes bug 30781; bugfix on 0.2.0.8-alpha. diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 37d2d975fc..f046cc39b4 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1921,6 +1921,9 @@ router_parse_entry_from_string(const char *s, const char *end, if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) { tor_assert(tok->n_args); router->purpose = router_purpose_from_string(tok->args[0]); + if (router->purpose == ROUTER_PURPOSE_UNKNOWN) { + goto err; + } } else { router->purpose = ROUTER_PURPOSE_GENERAL; } -- cgit v1.2.3-54-g00ecf From 0849d2a2fdaeea2871f32bed35d410f19703aae1 Mon Sep 17 00:00:00 2001 
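Review bot: The new `goto err` for ROUTER_PURPOSE_UNKNOWN rejects the descriptor without logging anything in this hunk, so an operator whose local file carries an unrecognized purpose annotation gets no hint why the entry was dropped. A line such as `log_warn(LD_DIR, "Unknown router purpose annotation %s", escaped(tok->args[0]));` before the jump would make that visible. The `tor_assert(tok->n_args)` kept just above would still abort on parsed input if the token table ever allowed zero arguments; that table is outside the hunk, so this is a question to confirm, not a finding. router_parse_entry_from_string() starts and ends outside this hunk.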
From: Nick Mathewson Date: Tue, 6 Aug 2019 11:11:06 -0400 Subject: Avoid using labs() on time_t in channeltls.c On some windows builds, time_t is 64 bits but long is not. This is causing appveyor builds to fail. Also, one of our uses of labs() on time_t was logically incorrect: it was telling us to accept NETINFO cells up to three minutes _before_ the message they were responding to, which doesn't make sense. This patch adds a time_abs() function that we should eventually move to intmath.h or something. For now, though, it will make merges easier to have it file-local in channeltls.c. Fixes bug 31343; bugfix on 0.2.4.4-alpha. --- changes/bug31343 | 9 +++++++++ src/or/channeltls.c | 23 +++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 changes/bug31343 diff --git a/changes/bug31343 b/changes/bug31343 new file mode 100644 index 0000000000..17a8057ead --- /dev/null +++ b/changes/bug31343 @@ -0,0 +1,9 @@ + o Minor bugfixes (compilation): + - Avoid using labs() on time_t, which can cause compilation warnings + on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (clock skew detection): + - Don't believe clock skew results from NETINFO cells that appear to + arrive before the VERSIONS cells they are responding to were sent. + Previously, we would accept them up to 3 minutes "in the past". + Fixes bug 31343; bugfix on 0.2.4.4-alpha. diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 3a352d47fe..ea69792f12 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1583,6 +1583,18 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan) } } +/** + * Helper: compute the absolute value of a time_t. + * + * (we need this because labs() doesn't always work for time_t, since + * long can be shorter than time_t.) + */ +static inline time_t +time_abs(time_t val) +{ + return (val < 0) ? -val : val; +} + /** * Process a 'netinfo' cell * 
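Review bot: time_abs() negates `val` whenever it is negative, so the most negative time_t value overflows, which is undefined behaviour for a signed type. The caller visible in this patch passes a difference of two timestamps, so that input is not reachable there, but the commit message says the helper is meant to move to a shared header later. Stating the precondition in the doc comment, e.g. ` * val must not be the minimum value of time_t.`, keeps a future caller from relying on it for arbitrary input.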
@@ -1601,7 +1613,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) uint8_t n_other_addrs; time_t now = time(NULL); - long apparent_skew = 0; + time_t apparent_skew = 0; tor_addr_t my_apparent_addr = TOR_ADDR_NULL; tor_assert(cell); @@ -1659,7 +1671,11 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* Decode the cell. */ timestamp = ntohl(get_uint32(cell->payload)); - if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) { + const time_t sent_versions_at = + chan->conn->handshake_state->sent_versions_at; + if (now > sent_versions_at && (now - sent_versions_at) < 180) { + /* If we have gotten the NETINFO cell reasonably soon after having + * sent our VERSIONS cell, maybe we can learn skew information from it. */ apparent_skew = now - timestamp; } @@ -1705,7 +1721,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* Act on apparent skew. */ /** Warn when we get a netinfo skew with at least this value. */ #define NETINFO_NOTICE_SKEW 3600 - if (labs(apparent_skew) > NETINFO_NOTICE_SKEW && + if (time_abs(apparent_skew) && router_get_by_id_digest(chan->conn->identity_digest)) { int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest); clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL, @@ -2182,4 +2198,3 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) #undef ERR } - -- cgit v1.2.3-54-g00ecf From cd6cb453720a5300d00d7996c5b3a03f054cd293 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 8 Aug 2019 09:15:42 -0400 Subject: Restore proper behavior of netinfo skew check My previous fix removed a comparison, which would have caused us to warn about every skew instead of skews of over an hour. --- src/or/channeltls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/channeltls.c b/src/or/channeltls.c index ea69792f12..d44f719138 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c 
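Review bot: The rewritten window check `now > sent_versions_at && (now - sent_versions_at) < 180` excludes the case where both values are equal. `now` comes from time(NULL) at one-second resolution, so a NETINFO cell that arrives within the same second our VERSIONS cell was sent would no longer contribute a skew estimate, where the old labs() form accepted it. If the intent is only to reject responses that appear to come from the past, `now >= sent_versions_at` keeps the same-second case. channel_tls_process_netinfo_cell() starts and ends outside this hunk.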
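Review bot: In the "Act on apparent skew" hunk the condition became `if (time_abs(apparent_skew) &&`, which drops the comparison against NETINFO_NOTICE_SKEW that the removed line had. As written, any non-zero skew for a known router reaches clock_skew_warning(), not only skews above 3600 seconds. The line should be `if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&`; the next patch on this page (cd6cb45372) restores it.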
@@ -1721,7 +1721,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* Act on apparent skew. */ /** Warn when we get a netinfo skew with at least this value. */ #define NETINFO_NOTICE_SKEW 3600 - if (time_abs(apparent_skew) && + if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW && router_get_by_id_digest(chan->conn->identity_digest)) { int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest); clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL, -- cgit v1.2.3-54-g00ecf From 878f4409015f741c7075d0ccf3da794a6f313302 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 8 Aug 2019 09:38:03 -0400 Subject: Fix another time_t/long warning for 31343. --- src/or/routerlist.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index f73ec9baa1..f3b298006c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -5443,7 +5443,7 @@ int router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2) { time_t r1pub, r2pub; - long time_difference; + time_t time_difference; tor_assert(r1 && r2); /* r1 should be the one that was published first. */ @@ -5506,7 +5506,9 @@ router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2) * give or take some slop? */ r1pub = r1->cache_info.published_on; r2pub = r2->cache_info.published_on; - time_difference = labs(r2->uptime - (r1->uptime + (r2pub - r1pub))); + time_difference = r2->uptime - (r1->uptime + (r2pub - r1pub)); + if (time_difference < 0) + time_difference = - time_difference; if (time_difference > ROUTER_ALLOW_UPTIME_DRIFT && time_difference > r1->uptime * .05 && time_difference > r2->uptime * .05) @@ -5816,4 +5818,3 @@ refresh_all_country_info(void) nodelist_refresh_countries(); } - -- cgit v1.2.3-54-g00ecf From 3a280b35ee45a1e4f4edaa3891a13d449d87fa8b Mon Sep 17 00:00:00 2001 
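Review bot: The open-coded negation in router_differences_are_cosmetic() (`if (time_difference < 0) time_difference = - time_difference;`) repeats what the file-local time_abs() in channeltls.c does, and it is written as an unbraced `if`. Until a shared helper exists, a brief comment such as `/* absolute value; labs() is wrong where long is narrower than time_t */` would explain why labs() was removed and stop it from being put back. The fields `r1->uptime` and `r2->uptime` are declared outside the hunk, so whether the subtraction itself is carried out at time_t width cannot be confirmed from here.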
From: Nick Mathewson Date: Thu, 8 Aug 2019 11:43:42 -0400 Subject: Fix a warning about casting the results of GetProcAddress. Fixes bug 31374; bugfix on 0.2.9.1-alpha. --- changes/ticket31374 | 4 ++++ src/common/compat_time.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changes/ticket31374 diff --git a/changes/ticket31374 b/changes/ticket31374 new file mode 100644 index 0000000000..e8eef9cd49 --- /dev/null +++ b/changes/ticket31374 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation warning): + - Fix a compilation warning on Windows about casting a function + pointer for GetTickCount64(). Fixes bug 31374; bugfix on + 0.2.9.1-alpha. diff --git a/src/common/compat_time.c b/src/common/compat_time.c index d044bbe1d7..52da609db8 100644 --- a/src/common/compat_time.c +++ b/src/common/compat_time.c @@ -443,7 +443,7 @@ monotime_init_internal(void) HANDLE h = load_windows_system_library(TEXT("kernel32.dll")); if (h) { - GetTickCount64_fn = (GetTickCount64_fn_t) + GetTickCount64_fn = (GetTickCount64_fn_t) (void(*)(void)) GetProcAddress(h, "GetTickCount64"); } // FreeLibrary(h) ? @@ -654,4 +654,3 @@ monotime_coarse_absolute_msec(void) return monotime_coarse_absolute_nsec() / ONE_MILLION; } #endif - -- cgit v1.2.3-54-g00ecf From c35aded00a19f26f3124584e7d0f561cf579efec Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Tue, 12 Mar 2019 20:11:51 +0200 Subject: Fix #28525 changes file that is breaking CI. --- changes/bug28525 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/changes/bug28525 b/changes/bug28525 index 392a9265e5..988ffb2192 100644 --- a/changes/bug28525 +++ b/changes/bug28525 
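Review bot: The double cast `(GetTickCount64_fn_t) (void(*)(void))` in monotime_init_internal() has no comment, so the intermediate type looks accidental. A note like `/* cast through void(*)(void): GetProcAddress() returns a generic function pointer and a direct cast triggers a function-type cast warning */` would stop someone from simplifying it back. GetProcAddress() returns NULL when the export is missing; the NULL check on GetTickCount64_fn, if there is one, is outside this hunk. The context line `// FreeLibrary(h) ?` is left as an open question by this change.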
@@ -1,8 +1,7 @@ - o Minor bugfixes (address selection): + o Minor features (address selection): - Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to RFC 1918 that does not break existing internal networks. This patch fixes security issues caused by RFC 6518 by blocking control ports on these addresses and warns users if client ports or ExtORPorts are listening on - a RFC 6598 address. Fixes bug 28525; bugfix on 0.4.1.1-alpha. Patch by - Neel Chauhan. + a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan. -- cgit v1.2.3-54-g00ecf From 37bd7fa50d0901a87084b71299cc8c8786cd1cd8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 9 Apr 2019 13:14:28 -0400 Subject: Modify "Protect buffers against INT_MAX datalen overflows." for 0.2.9 --- src/or/buffers.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/or/buffers.c b/src/or/buffers.c index 394ba0ccb8..b36e4ab509 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -394,10 +394,6 @@ buf_free(buf_t *buf) { if (!buf) return; - if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) - return; - if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) - return; buf_clear(buf); buf->magic = 0xdeadbeef; @@ -2067,4 +2063,3 @@ assert_buf_ok(buf_t *buf) tor_assert(buf->datalen == total); } } - -- cgit v1.2.3-54-g00ecf