Nick Mathewson [Tue, 12 Aug 2014 16:15:09 +0000 (12:15 -0400)]
Fix another case of 12848 in circuit_handle_first_hop
I looked for other places where we set circ->n_chan early, and found
one in circuit_handle_first_hop() right before it calls
circuit_send_next_onion_skin(). If onion_skin_create() fails there,
then n_chan will still be set when circuit_send_next_onion_skin()
returns. We should probably fix that too.
Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
Explicitly disable RunAsDaemon in the systemd unit file (#12731).
Our current systemd unit uses "Type = simple", so systemd does not expect tor to
fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as
expected. This is e.g. the case on Debian (and derivatives), since there we pass
"--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains
"RunAsDaemon 1") by default.
The only solution I could find is to explicitly pass "--RunAsDaemon 0" when
starting tor from the systemd unit file, which this commit does.
Roger Dingledine [Mon, 28 Jul 2014 06:44:05 +0000 (02:44 -0400)]
Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
Nick Mathewson [Tue, 10 Jun 2014 15:11:47 +0000 (11:11 -0400)]
Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl. It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match. But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID. This was causing a read off the end
of the 'cipherid' array.
This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.
(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge. Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)
Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
Roger Dingledine [Thu, 24 Jul 2014 04:35:47 +0000 (00:35 -0400)]
Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.
Nick Mathewson [Thu, 17 Jul 2014 09:25:56 +0000 (11:25 +0200)]
Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression. Patch from
dhill, who attributes it to "OpenBSD". Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends. This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.
This patch moves the functions outside the #ifndef and exposes them.
configure.ac: fix build with --enable-bufferevents
When building with bufferevents enabled, configure.ac throws an
error if "$ac_cv_header_event2_bufferevent_ssl_h" is not set to
"yes". However, nowhere was AC_CHECK_HEADERS(event2/bufferevent_ssl.h)
done. This commit adds the check.
Nick Mathewson [Wed, 16 Jul 2014 08:05:00 +0000 (10:05 +0200)]
Add another 8387 diagnostic
When we run into bug 8387 (if we run into it again), report when we
last called circuit_expire_old_circuits_clientside(). This will let
us know -- if my fix for 8387 doesn't work -- whether my diagnosis
was at least correct.
Nick Mathewson [Mon, 16 Jun 2014 15:15:47 +0000 (11:15 -0400)]
manpage: Move more authority-only options into the authority section
I don't know whether we missed these or misclassified them when we
first made the "DIRECTORY AUTHORITY SERVER OPTIONS" section, but they
really belong there.
Nick Mathewson [Sat, 14 Jun 2014 15:46:54 +0000 (11:46 -0400)]
Add ATTR_UNUSED to HT_FIND
The fix for bug 8746 added a hashtable instance that never actually
invoked HT_FIND. This caused a warning, since we didn't mark HT_FIND
as okay-not-to-use.
Nick Mathewson [Wed, 30 Apr 2014 16:50:00 +0000 (12:50 -0400)]
More unit tests for process spawning
Try killing a running process; try noticing that a process has
exited without checking its output; verify that waitpid_cb (when
present) is set to NULL when you would expect it to be.
Nick Mathewson [Thu, 10 Apr 2014 15:16:42 +0000 (11:16 -0400)]
On Windows, terminate processes by handle, not pid
When we create a process yourself with CreateProcess, we get a
handle to the process in the PROCESS_INFO output structure. But
instead of using that handle, we were manually looking up a _new_
handle based on the process ID, which is a poor idea, since the
process ID might refer to a new process later on, but the handle
can't.
Nick Mathewson [Thu, 10 Apr 2014 15:06:10 +0000 (11:06 -0400)]
Use waitpid code to learn when a controlled process dies
This lets us avoid sending SIGTERM to something that has already
died, since we realize it has already died, and is a fix for the
unix version of #8746.
Nick Mathewson [Tue, 10 Jun 2014 17:35:45 +0000 (13:35 -0400)]
Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs. Check for consistency in the count of queued destroy
cells in several ways. Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
Nick Mathewson [Wed, 11 Jun 2014 13:33:20 +0000 (09:33 -0400)]
Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.
Spotted by 'cypherpunks'.
And note that these issues have been present since 0.0.8pre1 (commit 0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
Nick Mathewson [Fri, 16 May 2014 14:32:31 +0000 (10:32 -0400)]
Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits. But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.
This is part of fixing 6799.
When applied to 0.2.5, it is also a fix for 12023.
Nick Mathewson [Wed, 9 Apr 2014 15:13:37 +0000 (11:13 -0400)]
Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.
Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.
projects / thirdparty / tor.git / log
