Merge branch 'maint-0.2.1' into release-0.2.1

2011-10-24 02:25:33 -04:00 · 2011-10-24 02:25:33 -04:00 · 6ef2e30c72
parent f1c43a1e64 ee545cd4cb
commit 6ef2e30c72
19 changed files with 16199 additions and 8670 deletions
--- a/changes/abandon-rend-circs-on-newnym
+++ b/changes/abandon-rend-circs-on-newnym
@ -0,0 +1,8 @@
+  o Security fixes:
+    - Don't attach new streams to old rendezvous circuits after SIGNAL
+      NEWNYM.  Previously, we would keep using an existing rendezvous
+      circuit if it remained open (i.e. if it were kept open by a
+      long-lived stream or if a new stream were attached to it before
+      Tor could notice that it was old and no longer in use and close
+      it).  Bugfix on 0.1.1.15-rc; fixes bug 3375.
+
--- a/changes/bug2574
+++ b/changes/bug2574
@ -0,0 +1,3 @@
+  o Minor features:
+    - Allow nameservers with IPv6 address. Fixes bug 2574.
+
--- a/changes/bug4014
+++ b/changes/bug4014
@ -0,0 +1,3 @@
+  o Minor features:
+    - Adjust the expiration time on our SSL session certificates to
+      better match SSL certs seen in the wild. Resolves ticket 4014.
--- a/changes/cid_428
+++ b/changes/cid_428
@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Always NUL-terminate the sun_path field of a sockaddr_un before
+      passing it to the kernel. (Not a security issue: kernels are
+      smart enough to reject bad sockaddr_uns.) Found by Coverity; CID
+      # 428. Bugfix on Tor 0.2.0.3-alpha.
--- a/changes/cid_450
+++ b/changes/cid_450
@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Don't stack-allocate the list of supplementary GIDs when we're
+      about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+      could take up to 256K, which is way too much stack.  Found by
+      Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
--- a/changes/geoip-august2011
+++ b/changes/geoip-august2011
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the August 2 2011 Maxmind GeoLite Country database.
+
--- a/changes/geoip-july2011
+++ b/changes/geoip-july2011
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the July 1 2011 Maxmind GeoLite Country database.
+
--- a/changes/geoip-june2011
+++ b/changes/geoip-june2011
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the June 1 2011 Maxmind GeoLite Country database.
+
--- a/changes/geoip-october2011
+++ b/changes/geoip-october2011
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the October 4 2011 Maxmind GeoLite Country database.
+
--- a/changes/geoip-september2011
+++ b/changes/geoip-september2011
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the September 6 2011 Maxmind GeoLite Country database.
+
--- a/src/common/compat.c
+++ b/src/common/compat.c
@ -1080,7 +1080,8 @@ log_credential_status(void)
  /* Read, effective and saved GIDs */
  gid_t rgid, egid, sgid;
  /* Supplementary groups */
-  gid_t sup_gids[NGROUPS_MAX + 1];
+  gid_t *sup_gids = NULL;
+  int sup_gids_size;
  /* Number of supplementary groups */
  int ngids;

@ -1126,9 +1127,19 @@ log_credential_status(void)
 #endif

  /* log supplementary groups */
-  if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) {
+  sup_gids_size = 64;
+  sup_gids = tor_malloc(sizeof(gid_t) * 64);
+  while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 &&
+         errno == EINVAL &&
+         sup_gids_size < NGROUPS_MAX) {
+    sup_gids_size *= 2;
+    sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size);
+  }
+
+  if (ngids < 0) {
    log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s",
             strerror(errno));
+    tor_free(sup_gids);
    return -1;
  } else {
    int i, retval = 0;
@ -1158,6 +1169,7 @@ log_credential_status(void)
      tor_free(cp);
    });
    smartlist_free(elts);
+    tor_free(sup_gids);

    return retval;
  }
--- a/src/config/geoip
+++ b/src/config/geoip
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@ -59,7 +59,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
      return 0;
  }

-  if (purpose == CIRCUIT_PURPOSE_C_GENERAL)
+  if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
+      purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
    if (circ->timestamp_dirty &&
       circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
      return 0;
--- a/src/or/connection.c
+++ b/src/or/connection.c
@ -804,7 +804,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address,

  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
  sockaddr->sun_family = AF_UNIX;
-  strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path));
+  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
+      >= sizeof(sockaddr->sun_path)) {
+    log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
+             escaped(listenaddress));
+    tor_free(sockaddr);
+    return NULL;
+  }

  if (readable_address)
    *readable_address = tor_strdup(listenaddress);
--- a/src/or/eventdns.c
+++ b/src/or/eventdns.c
@ -2320,7 +2320,7 @@ _evdns_nameserver_add_impl(const struct sockaddr *address,
 	memset(ns, 0, sizeof(struct nameserver));
 	ns->timeout_event_deleted = __LINE__;

-	ns->socket = socket(PF_INET, SOCK_DGRAM, 0);
+	ns->socket = socket(address->sa_family, SOCK_DGRAM, 0);
 	if (ns->socket < 0) { err = 1; goto out1; }
 #ifdef WIN32
 	{
--- a/src/or/main.c
+++ b/src/or/main.c
@ -866,12 +866,14 @@ run_scheduled_events(time_t now)
      now + DESCRIPTOR_FAILURE_RESET_INTERVAL;
  }

-  /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
+  /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
+   * TLS context. */
  if (!last_rotated_x509_certificate)
    last_rotated_x509_certificate = now;
-  if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
+  if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
    log_info(LD_GENERAL,"Rotating tls context.");
-    if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
+    if (tor_tls_context_new(get_identity_key(),
+                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
      log_warn(LD_BUG, "Error reinitializing TLS context");
      /* XXX is it a bug here, that we just keep going? -RD */
    }
--- a/src/or/or.h
+++ b/src/or/or.h
@ -166,7 +166,9 @@
 /** How often do we rotate onion keys? */
 #define MIN_ONION_KEY_LIFETIME (7*24*60*60)
 /** How often do we rotate TLS contexts? */
-#define MAX_SSL_KEY_LIFETIME (2*60*60)
+#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
+/** What expiry time shall we place on our SSL certs? */
+#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)

 /** How old do we allow a router to get before removing it
 * from the router list? In seconds. */
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@ -1077,6 +1077,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published,
    log_warn(LD_REND, "Received service descriptor for service ID %s; "
             "expected descriptor for service ID %s.",
             query, safe_str(service_id));
+    rend_service_descriptor_free(parsed);
    return -2;
  }
  now = time(NULL);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -458,7 +458,8 @@ init_keys(void)
    }
    set_identity_key(prkey);
    /* Create a TLS context; default the client nickname to "client". */
-    if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
+    if (tor_tls_context_new(get_identity_key(),
+                            MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
      log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
      return -1;
    }
@ -536,7 +537,8 @@ init_keys(void)
  tor_free(keydir);

  /* 3. Initialize link key and TLS context. */
-  if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
+  if (tor_tls_context_new(get_identity_key(),
+                          MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) {
    log_err(LD_GENERAL,"Error initializing TLS context");
    return -1;
  }