Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist. Fixes bug 25629.
Isis Lovecruft [Wed, 7 Mar 2018 23:50:00 +0000 (23:50 +0000)]
test: Increase time limit for IP creation in an HS test.
This should avoid most intermittent test failures on developer and CI machines,
but there could (and probably should) be a more elegant solution.
Also, this test was testing that the IP was created and its expiration time was
set to a time greater than or equal to `now+INTRO_POINT_LIFETIME_MIN_SECONDS+5`:
    /* Time to expire MUST also be in that range. We add 5 seconds because
     * there could be a gap between setting now and the time taken in
     * service_intro_point_new. On ARM, it can be surprisingly slow... */
    tt_u64_op(ip->time_to_expire, OP_GE,
              now + INTRO_POINT_LIFETIME_MIN_SECONDS + 5);
However, this appears to be a typo, since, according to the comment above it,
adding five seconds was done because the IP creation can be slow on some
systems. But the five seconds is added to the *minimum* time we're comparing
against, and so it actually functions to make this test *more* likely to fail on
slower systems. (It should either subtract five seconds, or instead add it to
time_to_expire.)
Nick Mathewson [Thu, 15 Feb 2018 14:05:55 +0000 (09:05 -0500)]
Forbid UINT32_MAX as a protocol version
The C code and the rust code had different separate integer overflow
bugs here. That suggests that we're better off just forbidding this
pathological case.
Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.
Nick Mathewson [Thu, 1 Feb 2018 21:33:52 +0000 (16:33 -0500)]
Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not. One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.
Roger Dingledine [Wed, 31 Jan 2018 08:21:27 +0000 (03:21 -0500)]
stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives
this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
Roger Dingledine [Wed, 31 Jan 2018 08:21:27 +0000 (03:21 -0500)]
stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives
this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
Roger Dingledine [Tue, 30 Jan 2018 23:05:39 +0000 (18:05 -0500)]
backport to make channel_is_client() accurate
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
David Goulet [Tue, 13 Feb 2018 15:29:41 +0000 (10:29 -0500)]
dos: Don't set consensus param if we aren't a public relay
We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.
Fixes #25223
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Mon, 12 Feb 2018 16:08:33 +0000 (11:08 -0500)]
Have tor_addr hashes return a randomized hash for AF_UNSPEC.
We don't expect this to come up very much, but we may as well make
sure that the value isn't predictable (as we do for the other
addresses) in case the issue ever comes up.
David Goulet [Fri, 9 Feb 2018 16:11:41 +0000 (11:11 -0500)]
dos: Exclude known relays from client connection count
This is to avoid positively identifying Exit relays if tor client connection
comes from them that is reentering the network.
One thing to note is that this is done only in the DoS subsystem but we'll
still add it to the geoip cache as a "client" seen. This is done that way so
as to avoid as much as possible changing the current behavior of the geoip client
cache since this is being backported.
Closes #25193
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Mon, 5 Feb 2018 15:39:10 +0000 (10:39 -0500)]
geoip: Make geoip_client_cache_total_allocation() return the counter
The HT_FOREACH() is insanely heavy on the CPU and this is part of the fast
path so make it return the nice memory size counter we added in 4d812e29b9b1ec88.
Fixes #25148
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Fri, 2 Feb 2018 22:04:12 +0000 (17:04 -0500)]
dos: We can put less token than the current amount
Because the circuit creation burst and rate can change at runtime it is
possible that between two refills of a bucket, we end up setting the bucket
value to less than there currently is.
Fixes #25128
Signed-off-by: David Goulet <dgoulet@torproject.org>