Merge branch 'maint-0.2.2' into release-0.2.2

2012-01-05 06:46:01 -05:00 · 2012-01-05 06:46:01 -05:00 · 98402d0865
parent 1208c179fb a1074c7aa2
commit 98402d0865
13 changed files with 5164 additions and 4578 deletions
--- a/changes/bug1240
+++ b/changes/bug1240
@ -0,0 +1,8 @@
+  o Minor bugfixes:
+    - When running with an older Linux kernel that erroneously responds
+      to strange nmap behavior by having accept() return successfully
+      with a zero-length socket, just close the connection. Previously,
+      we would try harder to learn the remote address: but there was no
+      such remote address to learn, and our method for trying to learn
+      it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
+      0.1.0.3-rc. Reported and diagnosed by "r1eo".
--- a/changes/bug4786
+++ b/changes/bug4786
@ -0,0 +1,9 @@
+  - Feature removal:
+    - When sending or relaying a RELAY_EARLY cell, we used to convert
+      it to a RELAY cell if the connection was using the v1 link
+      protocol. This was a workaround for older versions of Tor, which
+      didn't handle RELAY_EARLY cells properly. Now that all supported
+      versions can handle RELAY_EARLY cells, and now that we're
+      enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
+      cells" rule, we're removing this workaround. Addresses bug 4786.
+
--- a/changes/bug4788
+++ b/changes/bug4788
@ -0,0 +1,6 @@
+  o Minor features (directory server):
+    - Directory servers now reject versions of Tor older than 0.2.1.30,
+      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      (inclusive). These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue #4788.
--- a/changes/bug4803
+++ b/changes/bug4803
@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Correctly spell "connect" in a log message when creating a controlsocket
+      fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
+
--- a/changes/clang_30_options
+++ b/changes/clang_30_options
@ -0,0 +1,5 @@
+  o Code simplifications and refactoring:
+    - During configure, detect when we're building with clang version 3.0 or
+      lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
+      clang doesn't support them yet.
+
--- a/changes/geoip-january2012
+++ b/changes/geoip-january2012
@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the January 3 2012 Maxmind GeoLite Country database.
+
--- a/changes/timersub_bug
+++ b/changes/timersub_bug
@ -0,0 +1,7 @@
+  o Major bugfixes:
+    - Provide correct replacements for the timeradd() and timersub() functions
+      for platforms that lack them (for example, windows). The timersub()
+      function is used when expiring circuits, timeradd() is currently unused.
+      Patch written by Vektor, who also reported the bug. Thanks! Bugfix
+      on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
+
--- a/configure.in
+++ b/configure.in
@ -940,10 +940,10 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
 #error
 #endif])], have_gcc43=yes, have_gcc43=no)

-  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
-#if !defined(__clang__) || (__clang_major__ > 2) || (__clang_major__ == 2 && __clang_minor__ > 9)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
+#if !defined(__clang__)
 #error
-#endif])], have_clang29orlower=yes, have_clang29orlower=no)
+#endif])], have_clang=yes, have_clang=no)

  save_CFLAGS="$CFLAGS"
  CFLAGS="$CFLAGS -Wshorten-64-to-32"
@ -980,10 +980,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
    # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
  fi

-  if test x$have_gcc42 = xyes && test x$have_clang29orlower = xno; then
+  if test x$have_gcc42 = xyes && test x$have_clang = xno; then
    # These warnings break gcc 4.0.2 and clang, but work on gcc 4.2
-    # We only disable these for clang 2.9 and lower, in case they are
-    # supported in later versions.
    CFLAGS="$CFLAGS -Wnormalized=id -Woverride-init"
  fi

--- a/src/common/compat.h
+++ b/src/common/compat.h
@ -334,7 +334,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
 #define timeradd(tv1,tv2,tvout) \
  do {                                                  \
    (tvout)->tv_sec = (tv1)->tv_sec + (tv2)->tv_sec;    \
-    (tvout)->tv_usec = (tv2)->tv_usec + (tv2)->tv_usec; \
+    (tvout)->tv_usec = (tv1)->tv_usec + (tv2)->tv_usec; \
    if ((tvout)->tv_usec >= 1000000) {                  \
      (tvout)->tv_usec -= 1000000;                      \
      (tvout)->tv_sec++;                                \
@ -348,7 +348,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
 #define timersub(tv1,tv2,tvout) \
  do {                                                  \
    (tvout)->tv_sec = (tv1)->tv_sec - (tv2)->tv_sec;    \
-    (tvout)->tv_usec = (tv2)->tv_usec - (tv2)->tv_usec; \
+    (tvout)->tv_usec = (tv1)->tv_usec - (tv2)->tv_usec; \
    if ((tvout)->tv_usec < 0) {                         \
      (tvout)->tv_usec += 1000000;                      \
      (tvout)->tv_sec--;                                \
--- a/src/config/geoip
+++ b/src/config/geoip
--- a/src/or/connection.c
+++ b/src/or/connection.c
@ -880,7 +880,7 @@ check_location_for_unix_socket(or_options_t *options, const char *path)
    log_warn(LD_GENERAL, "Before Tor can create a control socket in %s, the "
             "directory %s needs to exist, and to be accessible only by the "
             "user%s account that is running Tor.  (On some Unix systems, "
-             "anybody who can list a socket can conect to it, so Tor is "
+             "anybody who can list a socket can connect to it, so Tor is "
             "being careful.)", escpath, escdir,
             options->ControlSocketsGroupWritable ? " and group" : "");
    tor_free(escpath);
@ -1076,7 +1076,12 @@ connection_create_listener(const struct sockaddr *listensockaddr,
 }

 /** Do basic sanity checking on a newly received socket. Return 0
- * if it looks ok, else return -1. */
+ * if it looks ok, else return -1.
+ *
+ * Notably, some TCP stacks can erroneously have accept() return successfully
+ * with socklen 0, when the client sends an RST before the accept call (as
+ * nmap does).  We want to detect that, and not go on with the connection.
+ */
 static int
 check_sockaddr(struct sockaddr *sa, int len, int level)
 {
@ -1142,7 +1147,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
  tor_socket_t news; /* the new socket */
  connection_t *newconn;
  /* information about the remote peer when connecting to other routers */
-  char addrbuf[256];
+  char addrbuf[256]; /*XXX023 use sockaddr_storage instead*/
  struct sockaddr *remote = (struct sockaddr*)addrbuf;
  /* length of the remote address. Must be whatever accept() needs. */
  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
@ -1186,21 +1191,9 @@ connection_handle_listener_read(connection_t *conn, int new_type)
    uint16_t port;
    if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
      log_info(LD_NET,
-               "accept() returned a strange address; trying getsockname().");
-      remotelen=sizeof(addrbuf);
-      memset(addrbuf, 0, sizeof(addrbuf));
-      if (getsockname(news, remote, &remotelen)<0) {
-        int e = tor_socket_errno(news);
-        log_warn(LD_NET, "getsockname() for new connection failed: %s",
-                 tor_socket_strerror(e));
-      } else {
-        if (check_sockaddr((struct sockaddr*)addrbuf, remotelen,
-                              LOG_WARN) < 0) {
-          log_warn(LD_NET,"Something's wrong with this conn. Closing it.");
-          tor_close_socket(news);
-          return 0;
-        }
-      }
+               "accept() returned a strange address; closing connection.");
+      tor_close_socket(news);
+      return 0;
    }

    if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -388,19 +388,20 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
              strmap_size(fingerprint_list->fp_by_name),
              digestmap_size(fingerprint_list->status_by_digest));

-  /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
-   * directory information.  Once more of them die off, we should raise this
-   * minimum. */
-  if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
+  /* Versions before Tor 0.2.1.30 have known security issues that
+   * make them unsuitable for the current network. */
+  if (platform && !tor_version_as_new_as(platform,"0.2.1.30")) {
    if (msg)
-      *msg = "Tor version is far too old to work.";
-    return FP_REJECT;
-  } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
-                      && !tor_version_as_new_as(platform, "0.2.1.19")) {
-    /* These versions mishandled RELAY_EARLY cells on rend circuits. */
-    if (msg)
-      *msg = "Tor version is too buggy to work.";
+      *msg = "Tor version is insecure. Please upgrade!";
    return FP_REJECT;
+  } else if (platform && tor_version_as_new_as(platform,"0.2.2.1-alpha")) {
+    /* Versions from 0.2.2.1-alpha...0.2.2.20-alpha have known security
+     * issues that make them unusable for the current network */
+    if (!tor_version_as_new_as(platform, "0.2.2.21-alpha")) {
+      if (msg)
+        *msg = "Tor version is insecure. Please upgrade!";
+      return FP_REJECT;
+    }
  }

  result = dirserv_get_name_status(id_digest, nickname);
--- a/src/or/relay.c
+++ b/src/or/relay.c
@ -2423,10 +2423,6 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn,
    queue = &orcirc->p_conn_cells;
    streams_blocked = circ->streams_blocked_on_p_conn;
  }
-  if (cell->command == CELL_RELAY_EARLY && orconn->link_proto < 2) {
-    /* V1 connections don't understand RELAY_EARLY. */
-    cell->command = CELL_RELAY;
-  }

  cell_queue_append_packed_copy(queue, cell);