sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'maint-0.2.2' into release-0.2.2

This commit is contained in:
Roger Dingledine 2011-10-24 02:36:01 -04:00
parent 8522652d8e 3cb79a0286
commit ee2efc5c82
21 changed files with 3439 additions and 2212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug4059 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Change an integer overflow check in the OpenBSD_Malloc code so
that GCC is less likely to eliminate it as impossible. Patch
from Mansour Moufid. Fixes bug 4059.

7
changes/bug4115 Normal file
View File

@ -0,0 +1,7 @@
o Security fixes:
- Bridge relays now do their directory fetches inside Tor TLS
connections, like all the other clients do, rather than connecting
directly to the DirPort like public relays do. Removes another
avenue for enumerating bridges. Fixes part of bug 4115; bugfix
on 0.2.0.35.

6
changes/bug4124 Normal file
View File

@ -0,0 +1,6 @@
o Security fixes:
- Bridges relays now build circuits for themselves in a more similar
way to how clients build them. Removes another avenue for
enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
when bridges were introduced.

5
changes/bug4201 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Bridges now skip DNS self-tests, to act a little more stealthily.
Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
bridges. Patch by "warms0x".

13
changes/bug4212 Normal file
View File

@ -0,0 +1,13 @@
o Major bugfixes:
- Don't launch a useless circuit after failing to use one of a
hidden service's introduction points. Previously, we would
launch a new introduction circuit, but not set the hidden
service which that circuit was intended to connect to, so it
would never actually be used. A different piece of code would
then create a new introduction circuit correctly, so this bug
was harmless until it caused an assertion in the client-side
part of the #3825 fix to fail. Bug reported by katmagic and
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug
4212.

8
changes/bug4251 Normal file
View File

@ -0,0 +1,8 @@
o Minor bugfixes:
- When a hidden service turns an extra service-side introduction
circuit into a general-purpose circuit, free the rend_data and
intro_key fields first, so they won't be leaked if the circuit
is cannibalized for use as another service-side introduction
circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.

4
changes/bug4259 Normal file
View File

@ -0,0 +1,4 @@
o Major bugfixes:
- Fix a crash bug when changing node restrictions while a DNS lookup
is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
by "Tey'".

5
changes/dirreq-stats-default Normal file
View File

@ -0,0 +1,5 @@
o Minor features:
- Turn on directory request statistics by default and include them in
extra-info descriptors. Don't break if we have no GeoIP database.
Backported from 0.2.3.1-alpha; implements ticket 3951.

3
changes/geoip-october2011 Normal file
View File

@ -0,0 +1,3 @@
o Minor features:
- Update to the October 4 2011 Maxmind GeoLite Country database.

6
changes/ticket-4063 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes (usability):
- Downgrade log messages about circuit timeout calibration from
"notice" to "info": they don't require or suggest any human
intervention. Patch from Tom Lowenthal. Fixes bug 4063;
bugfix on 0.2.2.14-alpha.

5
changes/windows_8 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- The next version of Windows will be called Windows 8, and it has a major
version of 6, minor version of 2. Correctly identify that version instead
of calling it "Very recent version". Fixes bug 4153; reported by funkstar.

2
src/common/OpenBSD_malloc_Linux.c
View File

@ -1236,7 +1236,7 @@ imalloc(size_t size)
ptralloc = 1;
size = malloc_pagesize;
}
if ((size + malloc_pagesize) < size) { /* Check for overflow */
if (size > SIZE_MAX - malloc_pagesize) { /* Check for overflow */
result = NULL;
errno = ENOMEM;
} else if (size <= malloc_maxsize)

3
src/common/compat.c
View File

@ -1806,6 +1806,7 @@ get_uname(void)
static struct {
unsigned major; unsigned minor; const char *version;
} win_version_table[] = {
{ 6, 2, "Windows 8" },
{ 6, 1, "Windows 7" },
{ 6, 0, "Windows Vista" },
{ 5, 2, "Windows Server 2003" },
@ -1862,7 +1863,7 @@ get_uname(void)
plat, extra);
} else {
if (info.dwMajorVersion > 6 ||
(info.dwMajorVersion==6 && info.dwMinorVersion>1))
(info.dwMajorVersion==6 && info.dwMinorVersion>2))
tor_snprintf(uname_result, sizeof(uname_result),
"Very recent version of Windows [major=%d,minor=%d] %s",
(int)info.dwMajorVersion,(int)info.dwMinorVersion,

5460
src/config/geoip
View File

File diff suppressed because it is too large Load Diff

11
src/or/circuitbuild.c
View File

@ -1381,7 +1381,7 @@ circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt)
cbt->close_ms = MAX(cbt->close_ms, circuit_build_times_initial_timeout());
if (cbt->timeout_ms > max_time) {
log_notice(LD_CIRC,
log_info(LD_CIRC,
"Circuit build timeout of %dms is beyond the maximum build "
"time we have ever observed. Capping it to %dms.",
(int)cbt->timeout_ms, max_time);
@ -1429,7 +1429,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt)
timeout_rate = circuit_build_times_timeout_rate(cbt);
if (prev_timeout > tor_lround(cbt->timeout_ms/1000)) {
log_notice(LD_CIRC,
log_info(LD_CIRC,
"Based on %d circuit times, it looks like we don't need to "
"wait so long for circuits to finish. We will now assume a "
"circuit is too slow to use after waiting %ld seconds.",
@ -1440,7 +1440,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt)
cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha,
timeout_rate);
} else if (prev_timeout < tor_lround(cbt->timeout_ms/1000)) {
log_notice(LD_CIRC,
log_info(LD_CIRC,
"Based on %d circuit times, it looks like we need to wait "
"longer for circuits to finish. We will now assume a "
"circuit is too slow to use after waiting %ld seconds.",
@ -1961,9 +1961,10 @@ should_use_create_fast_for_circuit(origin_circuit_t *circ)
return 1; /* our hand is forced: only a create_fast will work. */
if (!options->FastFirstHopPK)
return 0; /* we prefer to avoid create_fast */
if (server_mode(options)) {
if (public_server_mode(options)) {
/* We're a server, and we know an onion key. We can choose.
* Prefer to blend in. */
* Prefer to blend our circuit into the other circuits we are
* creating on behalf of others. */
return 0;
}

63
src/or/config.c
View File

@ -229,7 +229,7 @@ static config_var_t _option_vars[] = {
OBSOLETE("DirRecordUsageGranularity"),
OBSOLETE("DirRecordUsageRetainIPs"),
OBSOLETE("DirRecordUsageSaveInterval"),
V(DirReqStatistics, BOOL, "0"),
V(DirReqStatistics, BOOL, "1"),
VAR("DirServer", LINELIST, DirServers, NULL),
V(DisableAllSwap, BOOL, "0"),
V(DNSPort, PORT, "0"),
@ -246,7 +246,7 @@ static config_var_t _option_vars[] = {
V(ExitPolicy, LINELIST, NULL),
V(ExitPolicyRejectPrivate, BOOL, "1"),
V(ExitPortStatistics, BOOL, "0"),
V(ExtraInfoStatistics, BOOL, "0"),
V(ExtraInfoStatistics, BOOL, "1"),
#if defined (WINCE)
V(FallbackNetworkstatusFile, FILENAME, "fallback-consensus"),
@ -1408,44 +1408,45 @@ options_act(or_options_t *old_options)
tor_free(actual_fname);
}
if (options->DirReqStatistics && !geoip_is_loaded()) {
/* Check if GeoIP database could be loaded. */
log_warn(LD_CONFIG, "Configured to measure directory request "
"statistics, but no GeoIP database found!");
return -1;
}
if (options->EntryStatistics) {
if (should_record_bridge_info(options)) {
/* Don't allow measuring statistics on entry guards when configured
* as bridge. */
log_warn(LD_CONFIG, "Bridges cannot be configured to measure "
"additional GeoIP statistics as entry guards.");
return -1;
} else if (!geoip_is_loaded()) {
/* Check if GeoIP database could be loaded. */
log_warn(LD_CONFIG, "Configured to measure entry node statistics, "
"but no GeoIP database found!");
return -1;
}
}
if (options->CellStatistics || options->DirReqStatistics ||
options->EntryStatistics || options->ExitPortStatistics) {
time_t now = time(NULL);
int print_notice = 0;
if ((!old_options || !old_options->CellStatistics) &&
options->CellStatistics)
options->CellStatistics) {
rep_hist_buffer_stats_init(now);
print_notice = 1;
}
if ((!old_options || !old_options->DirReqStatistics) &&
options->DirReqStatistics)
geoip_dirreq_stats_init(now);
options->DirReqStatistics) {
if (geoip_is_loaded()) {
geoip_dirreq_stats_init(now);
print_notice = 1;
} else {
log_notice(LD_CONFIG, "Configured to measure directory request "
"statistics, but no GeoIP database found! "
"Please specify a GeoIP database using the "
"GeoIPFile option!");
}
}
if ((!old_options || !old_options->EntryStatistics) &&
options->EntryStatistics)
geoip_entry_stats_init(now);
options->EntryStatistics && !should_record_bridge_info(options)) {
if (geoip_is_loaded()) {
geoip_entry_stats_init(now);
print_notice = 1;
} else {
log_notice(LD_CONFIG, "Configured to measure entry node "
"statistics, but no GeoIP database found! "
"Please specify a GeoIP database using the "
"GeoIPFile option!");
}
}
if ((!old_options || !old_options->ExitPortStatistics) &&
options->ExitPortStatistics)
options->ExitPortStatistics) {
rep_hist_exit_stats_init(now);
if (!old_options)
print_notice = 1;
}
if (print_notice)
log_notice(LD_CONFIG, "Configured to measure statistics. Look for "
"the *-stats files that will first be written to the "
"data directory in 24 hours from now.");

9
src/or/connection_edge.c
View File

@ -831,7 +831,10 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options)
char *nodename;
routerinfo_t *ri; /* XXX023 Use node_t. */
if (strcmpend(target, ".exit")) {
if (!target) {
/* DNS resolving in progress */
continue;
} else if (strcmpend(target, ".exit")) {
/* Not a .exit mapping */
continue;
} else if (ent->source != ADDRMAPSRC_TRACKEXIT) {
@ -842,8 +845,8 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options)
if (len < 6)
continue; /* malformed. */
dot = target + len - 6; /* dot now points to just before .exit */
while(dot > target && *dot != '.')
dot--;
while (dot > target && *dot != '.')
dot--;
if (*dot == '.') dot++;
nodename = tor_strndup(dot, len-5-(dot-target));;
ri = router_get_by_nickname(nodename, 0);

3
src/or/directory.c
View File

@ -785,8 +785,7 @@ directory_command_should_use_begindir(or_options_t *options,
return 0; /* We don't know an ORPort -- no chance. */
if (!anonymized_connection)
if (!fascist_firewall_allows_address_or(addr, or_port) ||
directory_fetches_from_authorities(options) ||
(server_mode(options) && !options->Address))
directory_fetches_from_authorities(options))
return 0; /* We're firewalled or are acting like a relay -- also no. */
if (!options->TunnelDirConns &&
router_purpose != ROUTER_PURPOSE_BRIDGE)

2
src/or/main.c
View File

@ -1241,7 +1241,7 @@ run_scheduled_events(time_t now)
/** 9. and if we're a server, check whether our DNS is telling stories to
* us. */
if (is_server && time_to_check_for_correct_dns < now) {
if (public_server_mode(options) && time_to_check_for_correct_dns < now) {
if (!time_to_check_for_correct_dns) {
time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120);
} else {

18
src/or/rendclient.c
View File

@ -80,8 +80,8 @@ rend_client_send_establish_rendezvous(origin_circuit_t *circ)
/** Extend the introduction circuit <b>circ</b> to another valid
* introduction point for the hidden service it is trying to connect
* to, or mark it and launch a new circuit if we can't extend it.
* Return 0 on success. Return -1 and mark the introduction
* circuit on failure.
* Return 0 on success or possible success. Return -1 and mark the
* introduction circuit for close on permanent failure.
*
* On failure, the caller is responsible for marking the associated
* rendezvous circuit for close. */
@ -106,17 +106,11 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
result = circuit_extend_to_new_exit(circ, extend_info);
} else {
log_info(LD_REND,
"Building a new introduction circuit, this time to %s.",
safe_str_client(extend_info_describe(extend_info)));
"Closing intro circ %d (out of RELAY_EARLY cells).",
circ->_base.n_circ_id);
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING,
extend_info,
CIRCLAUNCH_IS_INTERNAL)) {
log_warn(LD_REND, "Building introduction circuit failed.");
result = -1;
} else {
result = 0;
}
/* connection_ap_handshake_attach_circuit will launch a new intro circ. */
result = 0;
}
extend_info_free(extend_info);
return result;

13
src/or/rendservice.c
View File

@ -1421,7 +1421,20 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
"circuit, but we already have enough. Redefining purpose to "
"general; leaving as internal.");
TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
{
rend_data_t *rend_data = circuit->rend_data;
circuit->rend_data = NULL;
rend_data_free(rend_data);
}
{
crypto_pk_env_t *intro_key = circuit->intro_key;
circuit->intro_key = NULL;
crypto_free_pk_env(intro_key);
}
circuit_has_opened(circuit);
return;
}