Merge branch 'maint-0.2.4' into release-0.2.4

ChangeLog

@@ -934,8 +934,7 @@ Changes in version 0.2.4.7-alpha - 2012-12-24
       network connection drastically changes. Should help with bug 3443.
 
   o Major features (IPv6):
-    - Tor now has (alpha) support for exiting to IPv6 addresses. To
-      enable it as an exit node, make sure that you have IPv6
+    - Relays can now exit to IPv6 addresses: make sure that you have IPv6
       connectivity, then set the IPv6Exit flag to 1. Also make sure your
       exit policy reads as you would like: the address * applies to all
       address families, whereas *4 is IPv4 address only, and *6 is IPv6
@@ -1405,7 +1404,7 @@ Changes in version 0.2.4.3-alpha - 2012-09-22
       than it ran through the part of the loop before it had made its
       choice. Addresses ticket 6538.
     - Disable the use of Guard nodes when in Tor2WebMode. Guard usage
-      by tor2web clients allows hidden services to identity tor2web
+      by tor2web clients allows hidden services to identify tor2web
       clients through their repeated selection of the same rendezvous
       and introduction point circuit endpoints (their guards). Resolves
       ticket 6888.

changes/9854

@@ -0,0 +1,3 @@
+  o Documentation fixes:
+    - Clarify the usage and risks of ContactInfo. Resolves ticket 9854.
+

changes/bug6979

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Fix an assertion failure that would occur when disabling the
+      ORPort setting on a running Tor process while accounting was
+      enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.

changes/bug9596

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Correctly log long IPv6 exit policy, instead of truncating them
+      or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+

changes/bug9644

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Fix a small memory leak on exit. (We weren't freeing directory
+      authority certificate download statuses.) Fixes bug 9644; bugfix
+      on 0.2.4.13-alpha.

changes/bug9880

@@ -0,0 +1,8 @@
+  o Minor bugfixes:
+
+    - When closing a channel that has already been open, do not close
+      pending circuits that were waiting to connect to the same relay.
+      Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
+      finding this bug.  (Bug was merged to 0.2.4 branch but not released
+      in any 0.2.4 version)
+

changes/bug9904

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - When examining list of network interfaces to find our address, do
+      not consider non-running or disabled network interfaces. Fixes bug
+      9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".

changes/bug9927

@@ -0,0 +1,4 @@
+  o Minor features:
+    - Generate bootstrapping status update events correctly for fetching
+      microdescriptors. Fixes bug 9927.
+

changes/bug9928

@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - Avoid an off-by-one error when checking buffer boundaries when
+      formatting the exit status of a pluggable transport helper.
+      This is probably not an exploitable bug, but better safe than
+      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+      Pedro Ribeiro.

changes/ticket9866

@@ -0,0 +1,3 @@
+  o Documentation:
+    - Add anchors to the manpage so we can link to the documentation for 
+      specific options. Resolves ticket 9866.

src/common/address.c

@@ -1187,6 +1187,8 @@ get_interface_addresses_raw(int severity)
   result = smartlist_new();
   for (i = ifa; i; i = i->ifa_next) {
     tor_addr_t tmp;
+    if ((i->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING))
+      continue;
     if (!i->ifa_addr)
       continue;
     if (i->ifa_addr->sa_family != AF_INET &&

src/common/util.c

@@ -3374,10 +3374,10 @@ format_hex_number_for_helper_exit_status(unsigned int x, char *buf,
  * <b>hex_errno</b>.  Called between fork and _exit, so must be signal-handler
  * safe.
  *
- * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available.
+ * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE+1 bytes available.
  *
  * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded
- * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where
+ * with spaces. CHILD_STATE indicates where
  * in the processs of starting the child process did the failure occur (see
  * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of
  * errno when the failure occurred.
@@ -3412,7 +3412,7 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
    * Count how many chars of space we have left, and keep a pointer into the
    * current point in the buffer.
    */
-  left = HEX_ERRNO_SIZE;
+  left = HEX_ERRNO_SIZE+1;
   cur = hex_errno;
 
   /* Emit child_state */
@@ -3456,8 +3456,8 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
   left -= written;
   cur += written;
 
-  /* Check that we have enough space left for a newline */
-  if (left <= 0)
+  /* Check that we have enough space left for a newline and a NUL */
+  if (left <= 1)
     goto err;
 
   /* Emit the newline and NUL */
@@ -3712,7 +3712,7 @@ tor_spawn_background(const char *const filename, const char **argv,
      this is used for printing out the error message */
   unsigned char child_state = CHILD_STATE_INIT;
 
-  char hex_errno[HEX_ERRNO_SIZE];
+  char hex_errno[HEX_ERRNO_SIZE + 2]; /* + 1 should be sufficient actually */
 
   static int max_fd = -1;
 

src/or/channel.c

@@ -743,6 +743,9 @@ channel_init(channel_t *chan)
 
   /* Timestamp it */
   channel_timestamp_created(chan);
+
+  /* It hasn't been open yet. */
+  chan->has_been_open = 0;
 }
 
 /**
@@ -1294,7 +1297,8 @@ channel_closed(channel_t *chan)
 
   /* Inform any pending (not attached) circs that they should
    * give up. */
-  circuit_n_chan_done(chan, 0);
+  if (! chan->has_been_open)
+    circuit_n_chan_done(chan, 0);
 
   /* Now close all the attached circuits on it. */
   circuit_unlink_all_from_channel(chan, END_CIRC_REASON_CHANNEL_CLOSED);
@@ -1935,6 +1939,7 @@ channel_change_state(channel_t *chan, channel_state_t to_state)
   /* Tell circuits if we opened and stuff */
   if (to_state == CHANNEL_STATE_OPEN) {
     channel_do_open_actions(chan);
+    chan->has_been_open = 1;
 
     /* Check for queued cells to process */
     if (! TOR_SIMPLEQ_EMPTY(&chan->incoming_queue))

src/or/channel.h

@@ -46,6 +46,9 @@ struct channel_s {
   /* Should we expect to see this channel in the channel lists? */
   unsigned char registered:1;
 
+  /** has this channel ever been open? */
+  unsigned int has_been_open:1;
+
   /** Why did we close?
    */
   enum {

src/or/directory.c

@@ -2111,6 +2111,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
         /* Mark remaining ones as failed. */
         dir_microdesc_download_failed(which, status_code);
       }
+      control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
+                              count_loading_descriptors_progress());
       SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
       smartlist_free(which);
       smartlist_free(mds);

src/or/policies.h

@@ -12,10 +12,11 @@
 #ifndef TOR_POLICIES_H
 #define TOR_POLICIES_H
 
-/* (length of "accept 255.255.255.255/255.255.255.255:65535-65535\n" plus a
- * NUL.)
+/* (length of
+ * "accept6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]/128:65535-65535\n"
+ * plus a terminating NUL, rounded up to a nice number.)
  */
-#define POLICY_BUF_LEN 52
+#define POLICY_BUF_LEN 72
 
 int firewall_is_fascist_or(void);
 int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);

src/or/relay.c

@@ -1103,6 +1103,7 @@ connection_edge_process_relay_cell_not_open(
           control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
           break;
         case DIR_PURPOSE_FETCH_SERVERDESC:
+        case DIR_PURPOSE_FETCH_MICRODESC:
           control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
                                   count_loading_descriptors_progress());
           break;

src/or/router.c

@@ -236,7 +236,7 @@ get_server_identity_key(void)
 int
 server_identity_key_is_set(void)
 {
-  return server_identitykey != NULL;
+  return server_mode(get_options()) && server_identitykey != NULL;
 }
 
 /** Set the current client identity key to <b>k</b>.

src/or/routerlist.c

@@ -241,6 +241,27 @@ get_cert_list(const char *id_digest)
   return cl;
 }
 
+/** Release all space held by a cert_list_t */
+static void
+cert_list_free(cert_list_t *cl)
+{
+  if (!cl)
+    return;
+
+  SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
+                    authority_cert_free(cert));
+  smartlist_free(cl->certs);
+  dsmap_free(cl->dl_status_map, tor_free_);
+  tor_free(cl);
+}
+
+/** Wrapper for cert_list_free so we can pass it to digestmap_free */
+static void
+cert_list_free_(void *cl)
+{
+  cert_list_free(cl);
+}
+
 /** Reload the cached v3 key certificates from the cached-certs file in
  * the data directory. Return 0 on success, -1 on failure. */
 int
@@ -3324,13 +3345,7 @@ routerlist_free_all(void)
   smartlist_free(fallback_dir_servers);
   trusted_dir_servers = fallback_dir_servers = NULL;
   if (trusted_dir_certs) {
-    DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
-      SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
-                        authority_cert_free(cert));
-      smartlist_free(cl->certs);
-      tor_free(cl);
-    } DIGESTMAP_FOREACH_END;
-    digestmap_free(trusted_dir_certs, NULL);
+    digestmap_free(trusted_dir_certs, cert_list_free_);
     trusted_dir_certs = NULL;
   }
 }

src/test/test_util.c

@@ -2252,6 +2252,7 @@ test_util_exit_status(void *ptr)
   n = format_helper_exit_status(0xFF, -0x80000000, hex_errno);
   test_streq("FF/-80000000\n", hex_errno);
   test_eq(n, strlen(hex_errno));
+  test_eq(n, HEX_ERRNO_SIZE);
 
   clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0x7F, 0, hex_errno);