sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'maint-0.2.2' into release-0.2.2

This commit is contained in:
Roger Dingledine 2011-06-19 21:03:44 -04:00
parent 66f847857c 8e5dfe42a0
commit 7cc2b9dc83
29 changed files with 3950 additions and 1724 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
changes/abandon-rend-circs-on-newnym Normal file
View File

@ -0,0 +1,8 @@
o Security fixes:
- Don't attach new streams to old rendezvous circuits after SIGNAL
NEWNYM. Previously, we would keep using an existing rendezvous
circuit if it remained open (i.e. if it were kept open by a
long-lived stream or if a new stream were attached to it before
Tor could notice that it was old and no longer in use and close
it). Bugfix on 0.1.1.15-rc; fixes bug 3375.

7
changes/bug2355_revert Normal file
View File

@ -0,0 +1,7 @@
o Minor bugfixes:
- Revert the UseBridges option to its behavior before 0.2.2.28-beta.
When we changed the default behavior to "use bridges if any are
listed in the torrc", we broke a number of users who had bridges
in their torrc files but who didn't actually want to use them.
Partial resolution for bug 3354.

9
changes/bug3306 Normal file
View File

@ -0,0 +1,9 @@
o Minor bugfixes:
- Make our crypto_rand_int() function check the value of its input
correctly. Previously, it accepted values up to UINT_MAX, but
could return a negative number if given a value above INT_MAX+1.
Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
- Avoid a segfault when reading a malformed circuit build state
with more than INT_MAX entries. Found by wanoskarnet. Bugfix on
0.2.2.4-alpha.

4
changes/bug3369 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- When asked about a DNS record type we don't support via a
client DNSPort, reply with NOTIMPL rather than an empty
reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.

5
changes/bug3393 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Fix a bug when using ControlSocketsGroupWritable with User. The
directory's group would be checked against the current group, not
the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix
on Tor 0.2.2.26-beta.

9
changes/coverity_maint Normal file
View File

@ -0,0 +1,9 @@
o Code simplifications and refactoring:
- Remove some dead code as indicated by coverity.
- Remove a few dead assignments during router parsing. Found by coverity.
o Minor bugfixes:
- Add some forgotten return value checks during unit tests. Found
by coverity.
- Don't use 1-bit wide signed bit fields. Found by coverity.
- Fix a rare memory leak during stats writing. Found by coverity.

15
changes/fix-connection_printf_to_buf Normal file
View File

@ -0,0 +1,15 @@
* Code simplifications and refactoring:
- Make connection_printf_to_buf's behaviour sane. Its callers
expect it to emit a CRLF iff the format string ends with CRLF;
it actually emits a CRLF iff (a) the format string ends with
CRLF or (b) the resulting string is over 1023 characters long or
(c) the format string does not end with CRLF ''and'' the
resulting string is 1021 characters long or longer. Bugfix on
0.1.1.9-alpha; fixes part of bug 3407.
- Make send_control_event_impl's behaviour sane. Its callers
expect it to always emit a CRLF at the end of the string; it
might emit extra control characters as well. Bugfix on
0.1.1.9-alpha; fixes another part of bug 3407.

3
changes/geoip-june2011 Normal file
View File

@ -0,0 +1,3 @@
o Minor features:
- Update to the June 1 2011 Maxmind GeoLite Country database.

10
doc/tor.1.txt
View File

@ -708,14 +708,10 @@ The following options are useful only for clients (that is, if
from the configured bridge authorities when feasible. It will fall back to
a direct request if the authority responds with a 404. (Default: 0)
**UseBridges** **0**|**1**|**auto**::
Make Tor fetch descriptors for each bridge listed in the "Bridge"
**UseBridges** **0**|**1**::
When set, Tor will fetch descriptors for each bridge listed in the "Bridge"
config lines, and use these relays as both entry guards and directory
guards. If the option is 1, bridges must be used and if no bridges are
configured Tor will not make any connections until a bridge is configured;
if it's "auto", Tor will use bridges if any are configured, otherwise it
will connect directly to the Tor network; if it's 0, bridges are not used
at all. (Defaults to auto)
guards. (Default: 0)
**UseEntryGuards** **0**|**1**::
If this option is set to 1, we pick a few long-term entry servers, and try

5
src/common/crypto.c
View File

@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n)
}
/** Return a pseudorandom integer, chosen uniformly from the values
* between 0 and <b>max</b>-1. */
* between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and
* INT_MAX+1, inclusive. */
int
crypto_rand_int(unsigned int max)
{
unsigned int val;
unsigned int cutoff;
tor_assert(max < UINT_MAX);
tor_assert(max <= ((unsigned int)INT_MAX)+1);
tor_assert(max > 0); /* don't div by 0 */
/* We ignore any values that are >= 'cutoff,' to avoid biasing the

33
src/common/util.c
View File

@ -1677,15 +1677,20 @@ file_status(const char *fname)
* is group-readable, but in all cases we create the directory mode 0700.
* If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
* if they are too permissive: we just return -1.
* When effective_user is not NULL, check permissions against the given user and
* its primary group.
*/
int
check_private_dir(const char *dirname, cpd_check_t check)
check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
{
int r;
struct stat st;
char *f;
#ifndef MS_WINDOWS
int mask;
struct passwd *pw = NULL;
uid_t running_uid;
gid_t running_gid;
#endif
tor_assert(dirname);
@ -1724,33 +1729,47 @@ check_private_dir(const char *dirname, cpd_check_t check)
return -1;
}
#ifndef MS_WINDOWS
if (st.st_uid != getuid()) {
if (effective_user) {
/* Lookup the user and group information, if we have a problem, bail out. */
pw = getpwnam(effective_user);
if (pw == NULL) {
log_warn(LD_CONFIG, "Error setting configured user: %s not found", effective_user);
return -1;
}
running_uid = pw->pw_uid;
running_gid = pw->pw_gid;
} else {
running_uid = getuid();
running_gid = getgid();
}
if (st.st_uid != running_uid) {
struct passwd *pw = NULL;
char *process_ownername = NULL;
pw = getpwuid(getuid());
pw = getpwuid(running_uid);
process_ownername = pw ? tor_strdup(pw->pw_name) : tor_strdup("<unknown>");
pw = getpwuid(st.st_uid);
log_warn(LD_FS, "%s is not owned by this user (%s, %d) but by "
"%s (%d). Perhaps you are running Tor as the wrong user?",
dirname, process_ownername, (int)getuid(),
dirname, process_ownername, (int)running_uid,
pw ? pw->pw_name : "<unknown>", (int)st.st_uid);
tor_free(process_ownername);
return -1;
}
if ((check & CPD_GROUP_OK) && st.st_gid != getgid()) {
if ((check & CPD_GROUP_OK) && st.st_gid != running_gid) {
struct group *gr;
char *process_groupname = NULL;
gr = getgrgid(getgid());
gr = getgrgid(running_gid);
process_groupname = gr ? tor_strdup(gr->gr_name) : tor_strdup("<unknown>");
gr = getgrgid(st.st_gid);
log_warn(LD_FS, "%s is not owned by this group (%s, %d) but by group "
"%s (%d). Are you running Tor as the wrong user?",
dirname, process_groupname, (int)getgid(),
dirname, process_groupname, (int)running_gid,
gr ? gr->gr_name : "<unknown>", (int)st.st_gid);
tor_free(process_groupname);

3
src/common/util.h
View File

@ -292,7 +292,8 @@ typedef unsigned int cpd_check_t;
#define CPD_CHECK 2
#define CPD_GROUP_OK 4
#define CPD_CHECK_MODE_ONLY 8
int check_private_dir(const char *dirname, cpd_check_t check);
int check_private_dir(const char *dirname, cpd_check_t check,
const char *effective_user);
#define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
#define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
typedef struct open_file_t open_file_t;

5398
src/config/geoip
View File

File diff suppressed because it is too large Load Diff

10
src/or/circuitbuild.c
View File

@ -678,7 +678,15 @@ circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt,
log_notice(LD_CIRC, "The number of circuit times that this Tor version "
"uses to calculate build times is less than the number stored "
"in your state file. Decreasing the circuit time history from "
"%d to %d.", num_times, CBT_NCIRCUITS_TO_OBSERVE);
"%lu to %d.", (unsigned long)num_times,
CBT_NCIRCUITS_TO_OBSERVE);
}
if (n > INT_MAX-1) {
log_warn(LD_CIRC, "For some insane reasons, you had %lu circuit build "
"observations in your state file. That's far too many; probably "
"there's a bug here.", (unsigned long)n);
n = INT_MAX-1;
}
/* This code can only be run on a compact array */

4
src/or/circuitlist.c
View File

@ -775,8 +775,8 @@ circuit_get_by_circid_orconn_impl(circid_t circ_id, or_connection_t *conn)
return found->circuit;
return NULL;
/* The rest of this checks for bugs. Disabled by default. */
/* We comment it out because coverity complains otherwise.
{
circuit_t *circ;
for (circ=global_circuitlist;circ;circ = circ->next) {
@ -795,7 +795,7 @@ circuit_get_by_circid_orconn_impl(circid_t circ_id, or_connection_t *conn)
}
}
return NULL;
}
} */
}
/** Return a circ such that:

3
src/or/circuituse.c
View File

@ -73,7 +73,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
return 0;
}
if (purpose == CIRCUIT_PURPOSE_C_GENERAL)
if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
if (circ->timestamp_dirty &&
circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
return 0;

25
src/or/config.c
View File

@ -376,7 +376,7 @@ static config_var_t _option_vars[] = {
V(TransPort, PORT, "0"),
V(TunnelDirConns, BOOL, "1"),
V(UpdateBridgesFromAuthority, BOOL, "0"),
VAR("UseBridges", STRING, UseBridges_, "auto"),
V(UseBridges, BOOL, "0"),
V(UseEntryGuards, BOOL, "1"),
V(User, STRING, NULL),
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
@ -1025,7 +1025,8 @@ options_act_reversible(or_options_t *old_options, char **msg)
/* Ensure data directory is private; create if possible. */
if (check_private_dir(options->DataDirectory,
running_tor ? CPD_CREATE : CPD_CHECK)<0) {
running_tor ? CPD_CREATE : CPD_CHECK,
options->User)<0) {
tor_asprintf(msg,
"Couldn't access/create private data directory \"%s\"",
options->DataDirectory);
@ -1038,7 +1039,8 @@ options_act_reversible(or_options_t *old_options, char **msg)
char *fn = tor_malloc(len);
tor_snprintf(fn, len, "%s"PATH_SEPARATOR"cached-status",
options->DataDirectory);
if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK) < 0) {
if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK,
options->User) < 0) {
tor_asprintf(msg,
"Couldn't access/create private data directory \"%s\"", fn);
tor_free(fn);
@ -3232,19 +3234,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
"of the Internet, so they must not set Reachable*Addresses "
"or FascistFirewall.");
/* XXX023 use autobool instead. */
if (!strcmp(options->UseBridges_, "auto")) {
options->UseBridges = (options->Bridges &&
!server_mode(options) &&
!options->EntryNodes);
} else if (!strcmp(options->UseBridges_, "0")) {
options->UseBridges = 0;
} else if (!strcmp(options->UseBridges_, "1")) {
options->UseBridges = 1;
} else {
REJECT("UseBridges must be 0, 1, or auto");
}
if (options->UseBridges &&
server_mode(options))
REJECT("Servers must be able to freely connect to the rest "
@ -3579,8 +3568,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (validate_dir_authorities(options, old_options) < 0)
REJECT("Directory authority line did not parse. See logs for details.");
if (options->UseBridges && !options->Bridges)
REJECT("If you set UseBridges, you must specify at least one bridge.");
if (options->UseBridges && !options->TunnelDirConns)
REJECT("TunnelDirConns set to 0 only works with UseBridges set to 0");
REJECT("If you set UseBridges, you must set TunnelDirConns.");
if (options->Bridges) {
for (cl = options->Bridges; cl; cl = cl->next) {
if (parse_bridge_line(cl->value, 1)<0)

2
src/or/connection.c
View File

@ -867,7 +867,7 @@ check_location_for_unix_socket(or_options_t *options, const char *path)
if (options->ControlSocketsGroupWritable)
flags |= CPD_GROUP_OK;
if (check_private_dir(p, flags) < 0) {
if (check_private_dir(p, flags, options->User) < 0) {
char *escpath, *escdir;
escpath = esc_for_log(path);
escdir = esc_for_log(p);

5
src/or/connection_or.c
View File

@ -929,13 +929,16 @@ connection_tls_continue_handshake(or_connection_t *conn)
if (! tor_tls_used_v1_handshake(conn->tls)) {
if (!tor_tls_is_server(conn->tls)) {
if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
// log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
log_debug(LD_OR, "Done with initial SSL handshake (client-side). "
"Requesting renegotiation.");
conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
goto again;
}
// log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
} else {
/* improved handshake, but not a client. */
log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
"Expecting renegotiation.");
tor_tls_set_renegotiate_callback(conn->tls,
connection_or_tls_renegotiated_cb,
conn);

64
src/or/control.c
View File

@ -98,7 +98,7 @@ static int disable_log_messages = 0;
static int authentication_cookie_is_set = 0;
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
* and which we're using to authenticate controllers. (If the controller can
* read it off disk, it has permission to connect. */
* read it off disk, it has permission to connect.) */
static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];
/** A sufficiently large size to record the last bootstrap phase string. */
@ -481,33 +481,26 @@ decode_escaped_string(const char *start, size_t in_len_max,
}
/** Acts like sprintf, but writes its formatted string to the end of
* <b>conn</b>-\>outbuf. The message may be truncated if it is too long,
* but it will always end with a CRLF sequence.
*
* Currently the length of the message is limited to 1024 (including the
* ending CR LF NUL ("\\r\\n\\0"). */
* <b>conn</b>-\>outbuf. */
static void
connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
{
#define CONNECTION_PRINTF_TO_BUF_BUFFERSIZE 1024
va_list ap;
char buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE];
int r;
size_t len;
char *buf = NULL;
int len;
va_start(ap,format);
r = tor_vsnprintf(buf, sizeof(buf), format, ap);
len = tor_vasprintf(&buf, format, ap);
va_end(ap);
if (r<0) {
if (len < 0) {
log_warn(LD_BUG, "Unable to format string for controller.");
return;
}
len = strlen(buf);
if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-1] = '\0';
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-2] = '\n';
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-3] = '\r';
}
connection_write_to_buf(buf, len, TO_CONN(conn));
connection_write_to_buf(buf, (size_t)len, TO_CONN(conn));
tor_free(buf);
}
/** Write all of the open control ports to ControlPortWriteToFile */
@ -606,46 +599,31 @@ send_control_event_string(uint16_t event, event_format_t which,
} SMARTLIST_FOREACH_END(conn);
}
/** Helper for send_control1_event and send_control1_event_extended:
/** Helper for send_control_event and control_event_status:
* Send an event to all v1 controllers that are listening for code
* <b>event</b>. The event's body is created by the printf-style format in
* <b>format</b>, and other arguments as provided.
*
* Currently the length of the message is limited to 1024 (including the
* ending \\r\\n\\0). */
* <b>format</b>, and other arguments as provided. */
static void
send_control_event_impl(uint16_t event, event_format_t which,
const char *format, va_list ap)
{
/* This is just a little longer than the longest allowed log message */
#define SEND_CONTROL1_EVENT_BUFFERSIZE 10064
int r;
char buf[SEND_CONTROL1_EVENT_BUFFERSIZE];
size_t len;
char *buf = NULL;
int len;
r = tor_vsnprintf(buf, sizeof(buf), format, ap);
if (r<0) {
len = tor_vasprintf(&buf, format, ap);
if (len < 0) {
log_warn(LD_BUG, "Unable to format event for controller.");
return;
}
len = strlen(buf);
if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
/* if it is not properly terminated, do it now */
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-1] = '\0';
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-2] = '\n';
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-3] = '\r';
}
send_control_event_string(event, which|ALL_FORMATS, buf);
tor_free(buf);
}
/** Send an event to all v1 controllers that are listening for code
* <b>event</b>. The event's body is created by the printf-style format in
* <b>format</b>, and other arguments as provided.
*
* Currently the length of the message is limited to 1024 (including the
* ending \\n\\r\\0. */
* <b>format</b>, and other arguments as provided. */
static void
send_control_event(uint16_t event, event_format_t which,
const char *format, ...)

4
src/or/dnsserv.c
View File

@ -95,8 +95,8 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
}
if (!q) {
log_info(LD_APP, "None of the questions we got were ones we're willing "
"to support. Sending NODATA.");
evdns_server_request_respond(req, DNS_ERR_NONE);
"to support. Sending NOTIMPL.");
evdns_server_request_respond(req, DNS_ERR_NOTIMPL);
return;
}
if (q->type != EVDNS_TYPE_A) {

6
src/or/geoip.c
View File

@ -970,7 +970,7 @@ geoip_dirreq_stats_write(time_t now)
geoip_remove_old_clients(start_of_dirreq_stats_interval);
statsdir = get_datadir_fname("stats");
if (check_private_dir(statsdir, CPD_CREATE) < 0)
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
goto done;
filename = get_datadir_fname2("stats", "dirreq-stats");
data_v2 = geoip_get_client_history(GEOIP_CLIENT_NETWORKSTATUS_V2);
@ -1209,7 +1209,7 @@ geoip_bridge_stats_write(time_t now)
/* Write it to disk. */
statsdir = get_datadir_fname("stats");
if (check_private_dir(statsdir, CPD_CREATE) < 0)
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
goto done;
filename = get_datadir_fname2("stats", "bridge-stats");
@ -1304,7 +1304,7 @@ geoip_entry_stats_write(time_t now)
geoip_remove_old_clients(start_of_entry_stats_interval);
statsdir = get_datadir_fname("stats");
if (check_private_dir(statsdir, CPD_CREATE) < 0)
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
goto done;
filename = get_datadir_fname2("stats", "entry-stats");
data = geoip_get_client_history(GEOIP_CLIENT_CONNECT);

12
src/or/or.h
View File

@ -2480,17 +2480,7 @@ typedef struct {
* when doing so. */
char *BridgePassword;
/** Whether we should start all circuits with a bridge. "1" means strictly
* yes, "0" means strictly no, and "auto" means that we do iff any bridges
* are configured, we are not running a server and have not specified a list
* of entry nodes. */
char *UseBridges_;
/** Effective value of UseBridges. Will be set equally for UseBridges set to
* 1 or 0, but for 'auto' it will be set to 1 iff any bridges are
* configured, we are not running a server and have not specified a list of
* entry nodes. */
int UseBridges;
int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make

2
src/or/policies.c
View File

@ -45,7 +45,7 @@ typedef struct policy_summary_item_t {
uint16_t prt_max; /**< Highest port number to accept/reject. */
uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
this port range. */
int accepted:1; /** Has this port already been accepted */
unsigned int accepted:1; /** Has this port already been accepted */
} policy_summary_item_t;
/** Private networks. This list is used in two places, once to expand the

2
src/or/rendservice.c
View File

@ -569,7 +569,7 @@ rend_service_load_keys(void)
s->directory);
/* Check/create directory */
if (check_private_dir(s->directory, CPD_CREATE) < 0)
if (check_private_dir(s->directory, CPD_CREATE, get_options()->User) < 0)
return -1;
/* Load key */

13
src/or/rephist.c
View File

@ -2307,7 +2307,7 @@ rep_hist_exit_stats_write(time_t now)
/* Try to write to disk. */
statsdir = get_datadir_fname("stats");
if (check_private_dir(statsdir, CPD_CREATE) < 0) {
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) {
log_warn(LD_HIST, "Unable to create stats/ directory!");
goto done;
}
@ -2401,8 +2401,7 @@ rep_hist_buffer_stats_add_circ(circuit_t *circ, time_t end_of_interval)
stat = tor_malloc_zero(sizeof(circ_buffer_stats_t));
stat->processed_cells = orcirc->processed_cells;
/* 1000.0 for s -> ms; 2.0 because of app-ward and exit-ward queues */
stat->mean_num_cells_in_queue = interval_length == 0 ? 0.0 :
(double) orcirc->total_cell_waiting_time /
stat->mean_num_cells_in_queue = (double) orcirc->total_cell_waiting_time /
(double) interval_length / 1000.0 / 2.0;
stat->mean_time_cells_in_queue =
(double) orcirc->total_cell_waiting_time /
@ -2452,8 +2451,8 @@ rep_hist_buffer_stats_write(time_t now)
int processed_cells[SHARES], circs_in_share[SHARES],
number_of_circuits, i;
double queued_cells[SHARES], time_in_queue[SHARES];
smartlist_t *str_build = smartlist_create();
char *str = NULL, *buf=NULL;
smartlist_t *str_build = NULL;
char *str = NULL, *buf = NULL;
circuit_t *circ;
if (!start_of_buffer_stats_interval)
@ -2461,6 +2460,8 @@ rep_hist_buffer_stats_write(time_t now)
if (start_of_buffer_stats_interval + WRITE_STATS_INTERVAL > now)
goto done; /* Not ready to write */
str_build = smartlist_create();
/* add current circuits to stats */
for (circ = _circuit_get_global_list(); circ; circ = circ->next)
rep_hist_buffer_stats_add_circ(circ, now);
@ -2496,7 +2497,7 @@ rep_hist_buffer_stats_write(time_t now)
smartlist_clear(circuits_for_buffer_stats);
/* write to file */
statsdir = get_datadir_fname("stats");
if (check_private_dir(statsdir, CPD_CREATE) < 0)
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
goto done;
filename = get_datadir_fname2("stats", "buffer-stats");
out = start_writing_to_stdio_file(filename, OPEN_FLAGS_APPEND,

4
src/or/router.c
View File

@ -533,12 +533,12 @@ init_keys(void)
return 0;
}
/* Make sure DataDirectory exists, and is private. */
if (check_private_dir(options->DataDirectory, CPD_CREATE)) {
if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
return -1;
}
/* Check the key directory. */
keydir = get_datadir_fname("keys");
if (check_private_dir(keydir, CPD_CREATE)) {
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
tor_free(keydir);
return -1;
}

6
src/or/routerparse.c
View File

@ -1544,10 +1544,10 @@ router_parse_entry_from_string(const char *s, const char *end,
}
}
if ((tok = find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO)))
if (find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO))
router->caches_extra_info = 1;
if ((tok = find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS)))
if (find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS))
router->allow_single_hop_exits = 1;
if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
@ -1560,7 +1560,7 @@ router_parse_entry_from_string(const char *s, const char *end,
}
}
if ((tok = find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR))) {
if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
router->wants_to_be_hs_dir = 1;
}

3
src/test/test_addr.c
View File

@ -436,13 +436,16 @@ test_addr_ip6_helpers(void)
/* test tor_addr_parse_mask_ports */
test_addr_mask_ports_parse("[::f]/17:47-95", AF_INET6,
0, 0, 0, 0x0000000f, 17, 47, 95);
test_streq(p1, "::f");
//test_addr_parse("[::fefe:4.1.1.7/120]:999-1000");
//test_addr_parse_check("::fefe:401:107", 120, 999, 1000);
test_addr_mask_ports_parse("[::ffff:4.1.1.7]/120:443", AF_INET6,
0, 0, 0x0000ffff, 0x04010107, 120, 443, 443);
test_streq(p1, "::ffff:4.1.1.7");
test_addr_mask_ports_parse("[abcd:2::44a:0]:2-65000", AF_INET6,
0xabcd0002, 0, 0, 0x044a0000, 128, 2, 65000);
test_streq(p1, "abcd:2::44a:0");
r=tor_addr_parse_mask_ports("[fefef::]/112", &t1, NULL, NULL, NULL);
test_assert(r == -1);
r=tor_addr_parse_mask_ports("efef::/112", &t1, NULL, NULL, NULL);