Merge branch 'maint-0.2.4' into release-0.2.4

changes/bug9288

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Fix an invalid memory read that occured when a pluggable
+      transport proxy failed its configuration protocol.
+      Fixes bug 9288.

changes/bug9354

@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Make the default behavior of NumDirectoryGuards be to track
+      NumEntryGuards. Now a user who changes only NumEntryGuards will get
+      the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
+

doc/tor.1.txt

@@ -1043,7 +1043,8 @@ The following options are useful only for clients (that is, if
     fraction of your paths. (Default: 1)
 
 **UseEntryGuardsAsDirectoryGuards** **0**|**1**::
-    If this option is set to 1, we try to use our entry guards as directory
+    If this option is set to 1, and UseEntryGuards is also set to 1,
+    we try to use our entry guards as directory
     guards, and failing that, pick more nodes to act as our directory guards.
     This helps prevent an adversary from enumerating clients. It's only
     available for clients (non-relay, non-bridge) that aren't configured to
@@ -1056,7 +1057,8 @@ The following options are useful only for clients (that is, if
 
 **NumDirectoryGuards** __NUM__::
     If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
-    have at least NUM routers to use as directory guards. (Default: 3)
+    have at least NUM routers to use as directory guards. If this option
+    is set to 0, use the value from NumEntryGuards. (Default: 0)
 
 **GuardLifetime**  __N__ **days**|**weeks**|**months**::
     If nonzero, and UseEntryGuards is set, minimum time to keep a guard before

src/or/config.c

@@ -314,7 +314,7 @@ static config_var_t option_vars_[] = {
   OBSOLETE("NoPublish"),
   VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
   V(NumCPUs,                     UINT,     "0"),
-  V(NumDirectoryGuards,          UINT,     "3"),
+  V(NumDirectoryGuards,          UINT,     "0"),
   V(NumEntryGuards,              UINT,     "3"),
   V(ORListenAddress,             LINELIST, NULL),
   VPORT(ORPort,                      LINELIST, NULL),

src/or/entrynodes.c

@@ -415,14 +415,24 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
   return node;
 }
 
+/** Choose how many entry guards or directory guards we'll use. If
+ * <b>for_directory</b> is true, we return how many directory guards to
+ * use; else we return how many entry guards to use. */
+static int
+decide_num_guards(const or_options_t *options, int for_directory)
+{
+  if (for_directory && options->NumDirectoryGuards != 0)
+    return options->NumDirectoryGuards;
+  return options->NumEntryGuards;
+}
+
 /** If the use of entry guards is configured, choose more entry guards
  * until we have enough in the list. */
 static void
 pick_entry_guards(const or_options_t *options, int for_directory)
 {
   int changed = 0;
-  const int num_needed = for_directory ? options->NumDirectoryGuards :
-    options->NumEntryGuards;
+  const int num_needed = decide_num_guards(options, for_directory);
 
   tor_assert(entry_guards);
 
@@ -962,8 +972,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
   int need_capacity = state ? state->need_capacity : 0;
   int preferred_min, consider_exit_family = 0;
   int need_descriptor = !for_directory;
-  const int num_needed = for_directory ? options->NumDirectoryGuards :
-    options->NumEntryGuards;
+  const int num_needed = decide_num_guards(options, for_directory);
 
   if (chosen_exit) {
     nodelist_add_node_and_family(exit_family, chosen_exit);

src/or/or.h

@@ -3769,7 +3769,8 @@ typedef struct {
   int NumEntryGuards; /**< How many entry guards do we try to establish? */
   int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
                                   * from a smallish number of fixed nodes? */
-  int NumDirectoryGuards; /**< How many dir guards do we try to establish? */
+  int NumDirectoryGuards; /**< How many dir guards do we try to establish?
+                           * If 0, use value from NumEntryGuards. */
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
   int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
                        * of our PK time by sending CREATE_FAST cells? */

src/or/transports.c

@@ -105,7 +105,7 @@ static void managed_proxy_destroy(managed_proxy_t *mp,
                                   int also_terminate_process);
 
 static void handle_finished_proxy(managed_proxy_t *mp);
-static void configure_proxy(managed_proxy_t *mp);
+static int configure_proxy(managed_proxy_t *mp);
 
 static void parse_method_error(const char *line, int is_server_method);
 #define parse_server_method_error(l) parse_method_error(l, 1)
@@ -572,10 +572,8 @@ pt_configure_remaining_proxies(void)
     /* If the proxy is not fully configured, try to configure it
        futher. */
     if (!proxy_configuration_finished(mp))
-      configure_proxy(mp);
-
-    if (proxy_configuration_finished(mp))
-      at_least_a_proxy_config_finished = 1;
+      if (configure_proxy(mp) == 1)
+        at_least_a_proxy_config_finished = 1;
 
   } SMARTLIST_FOREACH_END(mp);
 
@@ -587,10 +585,14 @@ pt_configure_remaining_proxies(void)
     mark_my_descriptor_dirty("configured managed proxies");
 }
 
-/** Attempt to continue configuring managed proxy <b>mp</b>. */
-static void
+/** Attempt to continue configuring managed proxy <b>mp</b>.
+ *  Return 1 if the transport configuration finished, and return 0
+ *  otherwise (if we still have more configuring to do for this
+ *  proxy). */
+static int
 configure_proxy(managed_proxy_t *mp)
 {
+  int configuration_finished = 0;
   smartlist_t *proxy_output = NULL;
   enum stream_status stream_status = 0;
 
@@ -600,7 +602,7 @@ configure_proxy(managed_proxy_t *mp)
       mp->conf_state = PT_PROTO_FAILED_LAUNCH;
       handle_finished_proxy(mp);
     }
-    return;
+    return 0;
   }
 
   tor_assert(mp->conf_state != PT_PROTO_INFANT);
@@ -632,13 +634,17 @@ configure_proxy(managed_proxy_t *mp)
 
  done:
   /* if the proxy finished configuring, exit the loop. */
-  if (proxy_configuration_finished(mp))
+  if (proxy_configuration_finished(mp)) {
     handle_finished_proxy(mp);
+    configuration_finished = 1;
+  }
 
   if (proxy_output) {
     SMARTLIST_FOREACH(proxy_output, char *, cp, tor_free(cp));
     smartlist_free(proxy_output);
   }
+
+  return configuration_finished;
 }
 
 /** Register server managed proxy <b>mp</b> transports to state */