Sebastian Hahn [Sun, 31 Jan 2010 20:54:04 +0000 (21:54 +0100)]
Don't spam controllers with TOO_MANY_CONNECTIONS events
We implemented ratelimiting for warnings going into the logfile, but didn't
rate-limit controller events. Now both log warnings and controller events
are rate-limited.
Sebastian Hahn [Mon, 8 Feb 2010 14:35:34 +0000 (15:35 +0100)]
Don't use gethostbyname() in resolve_my_address()
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occured because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
Sebastian Hahn [Sun, 7 Feb 2010 05:30:55 +0000 (06:30 +0100)]
lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
Sebastian Hahn [Wed, 3 Feb 2010 22:54:18 +0000 (23:54 +0100)]
Call exit_policy_is_general_exit less
When calculating the is_exit flag for a routerinfo_t, we don't need
to call exit_policy_is_general_exit() if router_exit_policy_rejects_all()
tells us it definitely is an exit. This check is much cheaper than
running exit_policy_is_general_exit().
Sebastian Hahn [Tue, 2 Feb 2010 13:51:51 +0000 (14:51 +0100)]
Don't assign Exit flag incorrectly
exit_policy_is_general_exit() assumed that there are no redundancies
in the passed policy, in the sense that we actively combine entries
in the policy to really get rid of any redundancy. Since we cannot
do that without massively rewriting the policy lines the relay
operators set, fix exit_policy_is_general_exit().
Nick Mathewson [Tue, 2 Feb 2010 21:12:45 +0000 (16:12 -0500)]
Link libssl and libcrypto in the right order.
For most linking setups, this doesn't matter. But for some setups, when
statically linking openssl, it does matter, since you need to link things
with dependencies before you link things they depend on.
Nick Mathewson [Mon, 1 Feb 2010 03:48:29 +0000 (22:48 -0500)]
Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.
For the ugly version, see my long comment in tortls.c
Nick Mathewson [Fri, 29 Jan 2010 22:02:17 +0000 (17:02 -0500)]
Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
Nick Mathewson [Fri, 29 Jan 2010 22:02:17 +0000 (17:02 -0500)]
Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
Sebastian Hahn [Wed, 27 Jan 2010 20:05:01 +0000 (21:05 +0100)]
Fix building the tarball
This removes the Makefile.am from doc/design-paper and replaces it with
a static Makefile. We don't need to call it during the normal Tor build
process, as we don't need its targets normally. Keeping it around in
case we want to rebuild the pdf or ps files later.
Nick Mathewson [Wed, 27 Jan 2010 22:08:04 +0000 (17:08 -0500)]
Proposal 169: Eliminate TLS renegotiation
I propose a backward-compatible change to the Tor connection
establishment protocol to avoid the use of TLS
renegotiation.
Rather than doing a TLS renegotiation to exchange
certificates and authenticate the original handshake, this
proposal takes an approach similar to Steven Murdoch's
proposal 124, and uses Tor cells to authenticate the
parties' identities once the initial TLS handshake is
finished.
Sebastian Hahn [Tue, 19 Jan 2010 13:53:38 +0000 (14:53 +0100)]
Convert the Tor manpage to asciidoc.
This should be a very faithful conversion, preserving as much of the layout
of the old manpage as possible. This wasn't possible for the nt-service
and the DataDirectory/state parts. See a later commit for some small
cleanups.
Tiago Faria helped with the asciidoc conversion, big thanks!
Karsten Loesing [Mon, 25 Jan 2010 18:44:17 +0000 (18:44 +0000)]
Fix a memory corruption bug while collecting bridge stats
We accidentally freed the internal buffer for bridge stats when we
were writing the bridge stats file or honoring a control port
request for said data. Change the interfaces for
geoip_get_bridge_stats* to prevent these problems, and remove the
offending free/add a tor_strdup.
Nick Mathewson [Mon, 25 Jan 2010 19:12:37 +0000 (14:12 -0500)]
Rearrange _thread_test_func to please Coverity Scan
I believe that since we were allocating *cp while holding a mutex,
coverity deduced that *cp must be protected by that mutex, and later
flipped out when we didn't use it that way. If this is so, we can
solve our problems by moving the *cp = tor_strdup(buf) part outside of
the mutex-protected code.
Nick Mathewson [Mon, 25 Jan 2010 19:09:58 +0000 (14:09 -0500)]
Try to untangle the logic in server_port_flush
It's a bit confusing to have a loop where another function,
confusingly named "*_free", is responsible for advancing the loop
variable (or rather, for altering a structure so that the next time
the loop variable's initializer is evaluated it evaluates to something
different.)
Not only has this confused people: it's also confused coverity scan.
Let's fix that.
Nick Mathewson [Fri, 22 Jan 2010 21:32:15 +0000 (16:32 -0500)]
Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc. This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.
Nick Mathewson [Wed, 20 Jan 2010 17:36:14 +0000 (12:36 -0500)]
Don't use OutboundBindAddress to connect to localhost
The OutboundBindAddress option is useful for making sure that all of
your outbond connections use a given interface. But when connecting
to 127.0.0.1 (or ::1 even) it's important to actually have the
connection come _from_ localhost, since lots of programs running on
localhost use the source address to authenticate that the connection
is really coming from the same host.
Our old code always bound to OutboundBindAddress, whether connecting
to localhost or not. This would potentially break DNS servers on
localhost, and socks proxies on localhost. This patch changes the
behavior so that we only look at OutboundBindAddress when connecting
to a non-loopback address.
Roger Dingledine [Tue, 19 Jan 2010 19:25:15 +0000 (14:25 -0500)]
downgrade a warning
this case can now legitimately happen, if you have a cached v2 status
from moria1, and you run with the new list of dirservers that's missing
the old moria1. it's nothing to worry about; the file will die off in
a month or two.
which caused the build to fail, because only ../common/libor.a
(via the embedded ../common/util.o via ../common/util.c)
referenced libm's `lround' and `log' symbols, so that the
linker (GNU ld) didn't bother to import those symbols before
reading ../common/libor.a, thus leaving those symbols undefined.
The solution was to swap the order, producing the line:
projects / thirdparty / tor.git / log
