Merge branch 'maint-0.2.4' into release-0.2.4
This commit is contained in:
commit
8fd9644f17
|
@ -0,0 +1,5 @@
|
|||
o Normal bugfixes:
|
||||
- Always call circuit_n_chan_done(chan, 0) from channel_closed(), so we
|
||||
can't leak pending circuits in some cases where
|
||||
run_connection_housekeeping() calls connection_or_close_normally().
|
||||
Fixes bug #9776; bugfix on 0.2.4.17.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update to the September 4 2013 Maxmind GeoLite Country database.
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
o Minor features (security, timestamp avoidance, proposal 222):
|
||||
- Clients no longer send timestamps in their NETINFO cells. These were
|
||||
not used for anything, and they provided one small way for clients
|
||||
to be distinguished from each other as they moved from network to
|
||||
network or behind NAT. Implements part of proposal 222.
|
||||
- Clients now round timestamps in INTRODUCE cells down to the nearest
|
||||
10 minutes. If a new Support022HiddenServices option is set to 0,
|
||||
or if it's set to "auto" and the feature is disabled in the consensus,
|
||||
the timestamp is sent as 0 instead. Implements part of proposal 222.
|
||||
- Stop sending timestamps in AUTHENTICATE cells. This is not such
|
||||
a big deal from a security point of view, but it achieves no actual
|
||||
good purpose, and isn't needed. Implements part of proposal 222.
|
||||
- Reduce down accuracy of timestamps in hidden service descriptors.
|
||||
Implements part of proposal 222.
|
|
@ -358,7 +358,8 @@ GENERAL OPTIONS
|
|||
|
||||
**DisableDebuggerAttachment** **0**|**1**::
|
||||
If set to 1, Tor will attempt to prevent basic debugging attachment attempts
|
||||
by other processes. It has no impact for users who wish to attach if they
|
||||
by other processes. This may also keep Tor from generating core files if
|
||||
it crashes. It has no impact for users who wish to attach if they
|
||||
have CAP_SYS_PTRACE or if they are root. We believe that this feature
|
||||
works on modern Gnu/Linux distributions, and that it may also work on *BSD
|
||||
systems (untested). Some modern Gnu/Linux systems such as Ubuntu have the
|
||||
|
@ -1337,6 +1338,15 @@ The following options are useful only for clients (that is, if
|
|||
Tor will use a default value chosen by the directory
|
||||
authorities. (Default: -1.)
|
||||
|
||||
**Support022HiddenServices** **0**|**1**|**auto**::
|
||||
Tor hidden services running versions before 0.2.3.x required clients to
|
||||
send timestamps, which can potentially be used to distinguish clients
|
||||
whose view of the current time is skewed. If this option is set to 0, we
|
||||
do not send this timestamp, and hidden services on obsolete Tor versions
|
||||
will not work. If this option is set to 1, we send the timestamp. If
|
||||
this optoin is "auto", we take a recommendation from the latest consensus
|
||||
document. (Default: auto)
|
||||
|
||||
|
||||
SERVER OPTIONS
|
||||
--------------
|
||||
|
|
12806
src/config/geoip
12806
src/config/geoip
File diff suppressed because it is too large
Load Diff
|
@ -1292,11 +1292,10 @@ channel_closed(channel_t *chan)
|
|||
if (chan->state == CHANNEL_STATE_CLOSED ||
|
||||
chan->state == CHANNEL_STATE_ERROR) return;
|
||||
|
||||
if (chan->reason_for_closing == CHANNEL_CLOSE_FOR_ERROR) {
|
||||
/* Inform any pending (not attached) circs that they should
|
||||
* give up. */
|
||||
circuit_n_chan_done(chan, 0);
|
||||
}
|
||||
/* Inform any pending (not attached) circs that they should
|
||||
* give up. */
|
||||
circuit_n_chan_done(chan, 0);
|
||||
|
||||
/* Now close all the attached circuits on it. */
|
||||
circuit_unlink_all_from_channel(chan, END_CIRC_REASON_CHANNEL_CLOSED);
|
||||
|
||||
|
|
|
@ -388,6 +388,7 @@ static config_var_t option_vars_[] = {
|
|||
V(SSLKeyLifetime, INTERVAL, "0"),
|
||||
OBSOLETE("StatusFetchPeriod"),
|
||||
V(StrictNodes, BOOL, "0"),
|
||||
V(Support022HiddenServices, AUTOBOOL, "auto"),
|
||||
OBSOLETE("SysLog"),
|
||||
V(TestSocks, BOOL, "0"),
|
||||
OBSOLETE("TestVia"),
|
||||
|
|
|
@ -1160,6 +1160,16 @@ connection_or_connect(const tor_addr_t *_addr, uint16_t port,
|
|||
|
||||
/** Mark orconn for close and transition the associated channel, if any, to
|
||||
* the closing state.
|
||||
*
|
||||
* It's safe to call this and connection_or_close_for_error() any time, and
|
||||
* channel layer will treat it as a connection closing for reasons outside
|
||||
* its control, like the remote end closing it. It can also be a local
|
||||
* reason that's specific to connection_t/or_connection_t rather than
|
||||
* the channel mechanism, such as expiration of old connections in
|
||||
* run_connection_housekeeping(). If you want to close a channel_t
|
||||
* from somewhere that logically works in terms of generic channels
|
||||
* rather than connections, use channel_mark_for_close(); see also
|
||||
* the comment on that function in channel.c.
|
||||
*/
|
||||
|
||||
void
|
||||
|
@ -2051,8 +2061,9 @@ connection_or_send_netinfo(or_connection_t *conn)
|
|||
memset(&cell, 0, sizeof(cell_t));
|
||||
cell.command = CELL_NETINFO;
|
||||
|
||||
/* Timestamp. */
|
||||
set_uint32(cell.payload, htonl((uint32_t)now));
|
||||
/* Timestamp, if we're a relay. */
|
||||
if (public_server_mode(get_options()) || ! conn->is_outgoing)
|
||||
set_uint32(cell.payload, htonl((uint32_t)now));
|
||||
|
||||
/* Their address. */
|
||||
out = cell.payload + 4;
|
||||
|
@ -2286,19 +2297,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
|||
if (server)
|
||||
return V3_AUTH_FIXED_PART_LEN; // ptr-out
|
||||
|
||||
/* Time: 8 octets. */
|
||||
{
|
||||
uint64_t now = time(NULL);
|
||||
if ((time_t)now < 0)
|
||||
return -1;
|
||||
set_uint32(ptr, htonl((uint32_t)(now>>32)));
|
||||
set_uint32(ptr+4, htonl((uint32_t)now));
|
||||
ptr += 8;
|
||||
}
|
||||
|
||||
/* Nonce: 16 octets. */
|
||||
crypto_rand((char*)ptr, 16);
|
||||
ptr += 16;
|
||||
/* 8 octets were reserved for the current time, but we're trying to get out
|
||||
* of the habit of sending time around willynilly. Fortunately, nothing
|
||||
* checks it. That's followed by 16 bytes of nonce. */
|
||||
crypto_rand((char*)ptr, 24);
|
||||
ptr += 24;
|
||||
|
||||
tor_assert(ptr - out == V3_AUTH_BODY_LEN);
|
||||
|
||||
|
|
|
@ -4099,6 +4099,9 @@ typedef struct {
|
|||
|
||||
/** How long (seconds) do we keep a guard before picking a new one? */
|
||||
int GuardLifetime;
|
||||
|
||||
/** Should we send the timestamps that pre-023 hidden services want? */
|
||||
int Support022HiddenServices;
|
||||
} or_options_t;
|
||||
|
||||
/** Persistent state for an onion router, as saved to disk. */
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
#include "connection_edge.h"
|
||||
#include "directory.h"
|
||||
#include "main.h"
|
||||
#include "networkstatus.h"
|
||||
#include "nodelist.h"
|
||||
#include "relay.h"
|
||||
#include "rendclient.h"
|
||||
|
@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
|
|||
return result;
|
||||
}
|
||||
|
||||
/** Return true iff we should send timestamps in our INTRODUCE1 cells */
|
||||
static int
|
||||
rend_client_should_send_timestamp(void)
|
||||
{
|
||||
if (get_options()->Support022HiddenServices >= 0)
|
||||
return get_options()->Support022HiddenServices;
|
||||
|
||||
return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
|
||||
}
|
||||
|
||||
/** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
|
||||
* down introcirc if possible.
|
||||
*/
|
||||
|
@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
|||
REND_DESC_COOKIE_LEN);
|
||||
v3_shift += 2+REND_DESC_COOKIE_LEN;
|
||||
}
|
||||
set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
|
||||
if (rend_client_should_send_timestamp()) {
|
||||
uint32_t now = (uint32_t)time(NULL);
|
||||
now += 300;
|
||||
now -= now % 600;
|
||||
set_uint32(tmp+v3_shift+1, htonl(now));
|
||||
} else {
|
||||
set_uint32(tmp+v3_shift+1, 0);
|
||||
}
|
||||
v3_shift += 4;
|
||||
} /* if version 2 only write version number */
|
||||
else if (entry->parsed->protocols & (1<<2)) {
|
||||
|
|
|
@ -593,6 +593,7 @@ rend_service_update_descriptor(rend_service_t *service)
|
|||
d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
|
||||
d->pk = crypto_pk_dup_key(service->private_key);
|
||||
d->timestamp = time(NULL);
|
||||
d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */
|
||||
d->intro_nodes = smartlist_new();
|
||||
/* Support intro protocols 2 and 3. */
|
||||
d->protocols = (1 << 2) + (1 << 3);
|
||||
|
|
Loading…
Reference in New Issue