Merge branch 'maint-0.2.3' into release-0.2.3
commit
f52fd41842
|
@ -0,0 +1,2 @@
|
|||
o Documentation fixes:
|
||||
- Clarify that hidden services are TCP only. Fixes bug 6024.
|
|
@ -0,0 +1,5 @@
|
|||
o Major bugfixes:
|
||||
- Fix a possible crash bug when checking for deactivated circuits
|
||||
in connection_or_flush_from_first_active_circuit(). Fixes bug
|
||||
6341; bugfix on 0.2.2.7-alpha. Bug report and fix received
|
||||
pseudonymously.
|
|
@ -0,0 +1,9 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- Avoid undefined behaviour when parsing the list of supported
|
||||
rendezvous/introduction protocols in a hidden service
|
||||
descriptor. Previously, Tor would have confused (as-yet-unused)
|
||||
protocol version numbers greater than 32 with lower ones on many
|
||||
platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by
|
||||
George Kadianakis.
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes:
|
||||
- Correct file sizes when reading binary files on
|
||||
Cygwin, to avoid a bug where Tor would fail to read its state file.
|
||||
Fixes bug 6844; bugfix on 0.1.2.7-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes:
|
||||
- Convert an assert in the pathbias code to a log message. Assert
|
||||
appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
|
||||
bugfix on 0.2.3.17-beta.
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes:
|
||||
- Fix two cases in src/or/transports.c where we were calling
|
||||
fmt_addr() twice in a parameter list. Bug found by David
|
||||
Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes:
|
||||
- Fix memory leaks whenever we logged any message about the "path
|
||||
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
|
|
@ -0,0 +1,6 @@
|
|||
o Minor bugfixes:
|
||||
- When relays refuse a "create" cell because their queue of pending
|
||||
create cells is too big (typically because their cpu can't keep up
|
||||
with the arrival rate), send back reason "resource limit" rather
|
||||
than reason "internal", so network measurement scripts can get a
|
||||
more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
|
|
@ -0,0 +1,3 @@
|
|||
o New directory authorities:
|
||||
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
|
||||
authority. Closes ticket 5749.
|
|
@ -81,7 +81,7 @@ COMMAND-LINE OPTIONS
|
|||
Other options can be specified on the command-line in the format "--option
|
||||
value", in the format "option value", or in a configuration file. For
|
||||
instance, you can tell Tor to start listening for SOCKS connections on port
|
||||
9999 by passing --SOCKSPort 9999 or SOCKPort 9999 to it on the command line,
|
||||
9999 by passing --SOCKSPort 9999 or SOCKSPort 9999 to it on the command line,
|
||||
or by putting "SOCKSPort 9999" in the configuration file. You will need to
|
||||
quote options with spaces in them: if you want Tor to log all debugging
|
||||
messages to debug.log, you will probably need to say --Log 'debug file
|
||||
|
@ -237,7 +237,7 @@ GENERAL OPTIONS
|
|||
recommend that you leave this alone unless you know what you're doing,
|
||||
since giving attackers access to your control listener is really
|
||||
dangerous. This directive can be specified multiple
|
||||
times to bind to multiple addresses/ports. (Default: 127.0.0.1)
|
||||
times to bind to multiple addresses/ports. (Default: 127.0.0.1)
|
||||
|
||||
**ControlSocket** __Path__::
|
||||
Like ControlPort, but listens on a Unix domain socket, rather than a TCP
|
||||
|
@ -762,7 +762,7 @@ The following options are useful only for clients (that is, if
|
|||
purposes, e.g., for Tor controllers. This option may be used multiple times
|
||||
for different hidden services. If a hidden service uses authorization and
|
||||
this option is not set, the hidden service is not accessible. Hidden
|
||||
services can be configured to require authorization using the
|
||||
services can be configured to require authorization using the
|
||||
**HiddenServiceAuthorizeClient** option.
|
||||
|
||||
**CloseHSClientCircuitsImmediatelyOnTimeout** **0**|**1**::
|
||||
|
@ -1017,7 +1017,7 @@ The following options are useful only for clients (that is, if
|
|||
Open this port to listen for transparent proxy connections. Set this to
|
||||
0 if you don't want to allow transparent proxy connections. Set the port
|
||||
to "auto" to have Tor pick a port for you. This directive can be
|
||||
specified multiple times to bind to multiple addresses/ports. See
|
||||
specified multiple times to bind to multiple addresses/ports. See
|
||||
SOCKSPort for an explanation of isolation flags. +
|
||||
+
|
||||
TransPort requires OS support for transparent proxies, such as BSDs' pf or
|
||||
|
@ -1055,7 +1055,7 @@ The following options are useful only for clients (that is, if
|
|||
**AutomapHostsOnResolve** **0**|**1**::
|
||||
When this option is enabled, and we get a request to resolve an address
|
||||
that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an
|
||||
unused virtual address to that address, and return the new virtual address.
|
||||
unused virtual address to that address, and return the new virtual address.
|
||||
This is handy for making ".onion" addresses work with applications that
|
||||
resolve an address and then connect to it. (Default: 0)
|
||||
|
||||
|
@ -1747,10 +1747,11 @@ The following options are used to configure a hidden service.
|
|||
Configure a virtual port VIRTPORT for a hidden service. You may use this
|
||||
option multiple times; each time applies to the service using the most
|
||||
recent hiddenservicedir. By default, this option maps the virtual port to
|
||||
the same port on 127.0.0.1. You may override the target port, address, or
|
||||
both by specifying a target of addr, port, or addr:port. You may also have
|
||||
multiple lines with the same VIRTPORT: when a user connects to that
|
||||
VIRTPORT, one of the TARGETs from those lines will be chosen at random.
|
||||
the same port on 127.0.0.1 over TCP. You may override the target port,
|
||||
address, or both by specifying a target of addr, port, or addr:port.
|
||||
You may also have multiple lines with the same VIRTPORT: when a user
|
||||
connects to that VIRTPORT, one of the TARGETs from those lines will be
|
||||
chosen at random.
|
||||
|
||||
**PublishHidServDescriptors** **0**|**1**::
|
||||
If set to 0, Tor will run any hidden services you configure, but it won't
|
||||
|
@ -1775,7 +1776,7 @@ The following options are used to configure a hidden service.
|
|||
their configuration file using **HidServAuth**.
|
||||
|
||||
**RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
|
||||
Every time the specified period elapses, Tor uploads any rendezvous
|
||||
Every time the specified period elapses, Tor uploads any rendezvous
|
||||
service descriptors to the directory servers. This information is also
|
||||
uploaded whenever it changes. (Default: 1 hour)
|
||||
|
||||
|
|
|
@ -2322,7 +2322,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
|
|||
}
|
||||
string[r] = '\0'; /* NUL-terminate the result. */
|
||||
|
||||
#ifdef _WIN32
|
||||
#if defined(_WIN32) || defined(__CYGWIN__)
|
||||
if (!bin && strchr(string, '\r')) {
|
||||
log_debug(LD_FS, "We didn't convert CRLF to LF as well as we hoped "
|
||||
"when reading %s. Coping.",
|
||||
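Review bot: The widened guard `#if defined(_WIN32) || defined(__CYGWIN__)` in read_file_to_str() has no comment saying why Cygwin belongs with Windows here. The visible branch runs only for text reads (`!bin`), while the changes entry for bug 6844 speaks of binary files. A one-line comment above the `#if` would settle which case is meant, for example `/* Windows and Cygwin may translate CRLF on text-mode reads, so the byte count can be below st_size. */`. That wording needs confirming against the rest of the block, which continues below the hunk; the hunk ends inside the `log_debug()` call.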
|
|
|
@ -2646,8 +2646,25 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||
char *rate_msg = NULL;
|
||||
|
||||
/* Completely ignore one hop circuits */
|
||||
if (circ->build_state->onehop_tunnel) {
|
||||
tor_assert(circ->build_state->desired_path_len == 1);
|
||||
if (circ->build_state->onehop_tunnel ||
|
||||
circ->build_state->desired_path_len == 1) {
|
||||
/* Check for inconsistency */
|
||||
if (circ->build_state->desired_path_len != 1 ||
|
||||
!circ->build_state->onehop_tunnel) {
|
||||
if ((rate_msg = rate_limit_log(&first_hop_notice_limit,
|
||||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"One-hop circuit has length %d. Path state is %s. "
|
||||
"Circuit is a %s currently %s.%s",
|
||||
circ->build_state->desired_path_len,
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
tor_fragile_assert();
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2658,11 +2675,12 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Opened circuit is in strange path state %s. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2685,11 +2703,12 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Unopened circuit has strange path state %s. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
@ -2697,10 +2716,11 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Unopened circuit has no known guard. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -2711,12 +2731,13 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"A %s circuit is in cpath state %d (opened: %d). "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circ->cpath->state, circ->has_opened,
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -2740,8 +2761,25 @@ pathbias_count_success(origin_circuit_t *circ)
|
|||
char *rate_msg = NULL;
|
||||
|
||||
/* Ignore one hop circuits */
|
||||
if (circ->build_state->onehop_tunnel) {
|
||||
tor_assert(circ->build_state->desired_path_len == 1);
|
||||
if (circ->build_state->onehop_tunnel ||
|
||||
circ->build_state->desired_path_len == 1) {
|
||||
/* Check for consistency */
|
||||
if (circ->build_state->desired_path_len != 1 ||
|
||||
!circ->build_state->onehop_tunnel) {
|
||||
if ((rate_msg = rate_limit_log(&success_notice_limit,
|
||||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"One-hop circuit has length %d. Path state is %s. "
|
||||
"Circuit is a %s currently %s.%s",
|
||||
circ->build_state->desired_path_len,
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
tor_fragile_assert();
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -2763,11 +2801,12 @@ pathbias_count_success(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Succeeded circuit is in strange path state %s. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2782,10 +2821,11 @@ pathbias_count_success(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Completed circuit has no known guard. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
@ -2794,11 +2834,12 @@ pathbias_count_success(origin_circuit_t *circ)
|
|||
approx_time()))) {
|
||||
log_info(LD_BUG,
|
||||
"Opened circuit is in strange path state %s. "
|
||||
"Circuit is a %s currently %s. %s",
|
||||
"Circuit is a %s currently %s.%s",
|
||||
pathbias_state_to_string(circ->path_state),
|
||||
circuit_purpose_to_string(circ->_base.purpose),
|
||||
circuit_state_to_string(circ->_base.state),
|
||||
rate_msg);
|
||||
tor_free(rate_msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -5269,19 +5310,22 @@ transport_resolve_conflicts(transport_t *t)
|
|||
t_tmp->marked_for_removal = 0;
|
||||
return 1;
|
||||
} else { /* same name but different addrport */
|
||||
char *new_transport_addr = tor_strdup(fmt_addr(&t->addr));
|
||||
if (t_tmp->marked_for_removal) { /* marked for removal */
|
||||
log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' "
|
||||
"but there was already a transport marked for deletion at "
|
||||
"'%s:%u'. We deleted the old transport and registered the "
|
||||
"new one.", t->name, fmt_addr(&t->addr), t->port,
|
||||
"new one.", t->name, new_transport_addr, t->port,
|
||||
fmt_addr(&t_tmp->addr), t_tmp->port);
|
||||
smartlist_remove(transport_list, t_tmp);
|
||||
transport_free(t_tmp);
|
||||
tor_free(new_transport_addr);
|
||||
} else { /* *not* marked for removal */
|
||||
log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' "
|
||||
"but the same transport already exists at '%s:%u'. "
|
||||
"Skipping.", t->name, fmt_addr(&t->addr), t->port,
|
||||
"Skipping.", t->name, new_transport_addr, t->port,
|
||||
fmt_addr(&t_tmp->addr), t_tmp->port);
|
||||
tor_free(new_transport_addr);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
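Review bot: The one-hop guard in pathbias_count_first_hop() now returns early for any circuit with `desired_path_len == 1`, not only for `onehop_tunnel` circuits. A circuit in the inconsistent state is therefore left out of path-bias accounting and reported only through a rate-limited `log_info(LD_BUG, ...)`, which a notice-level log will not show. Since the changes entry for bug 6866 says the state appears reachable in Tor2Web mode, the check should say that skipping the count is intended, e.g. `/* Inconsistent one-hop state (seen with Tor2Web): log it, but never count the circuit. */`. The copy of this block in pathbias_count_success() words its comment the other way round ("Check for consistency"), and the two should match. Both functions start and end outside the hunks.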
|
|
|
@ -428,7 +428,7 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn)
|
|||
log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.%s",m);
|
||||
tor_free(m);
|
||||
}
|
||||
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
|
||||
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
|
||||
return;
|
||||
}
|
||||
log_debug(LD_OR,"success: handed off onionskin.");
|
||||
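Review bot: Every failure of the hand-off in command_process_create_cell() is now reported to the peer as `END_CIRC_REASON_RESOURCELIMIT`, but the condition that leads into this branch is outside the hunk, so it is not visible whether a full pending-create queue is the only way to get here. If another failure can reach the branch, it would now be mislabelled for the measurement scripts the changes entry mentions. A comment on the call would record the assumption, e.g. `/* Hand-off fails only when the pending-create queue is full. */`. The warning "Failed to hand off onionskin. Closing." could also mention the queue limit so that the log line and the cell reason agree.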
|
|
|
@ -969,6 +969,9 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
|
|||
"maatuska orport=80 no-v2 "
|
||||
"v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
|
||||
"171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
|
||||
"Faravahar orport=443 no-v2 "
|
||||
"v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
|
||||
"154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
|
||||
NULL
|
||||
};
|
||||
for (i=0; dirservers[i]; i++) {
|
||||
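Review bot: The "Faravahar" entry in add_default_trusted_dir_authorities() is a new trust root, and the hunk gives a reader no way to tell where its `v3ident` and relay fingerprint were confirmed. Before merge, both hex strings should be compared with what the operator published (the changes entry points at ticket 5749), since a wrong digit here would either leave the authority unusable or pin a different key. A short comment above the entry naming that source would keep the check repeatable, e.g. `/* Faravahar: keys verified against <ticket or signed announcement reference>. */`. The `dirservers[]` array begins outside the hunk.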
|
|
|
@ -4279,14 +4279,17 @@ typedef struct rend_intro_point_t {
|
|||
time_t time_expiring;
|
||||
} rend_intro_point_t;
|
||||
|
||||
#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16
|
||||
|
||||
/** Information used to connect to a hidden service. Used on both the
|
||||
* service side and the client side. */
|
||||
typedef struct rend_service_descriptor_t {
|
||||
crypto_pk_t *pk; /**< This service's public key. */
|
||||
int version; /**< Version of the descriptor format: 0 or 2. */
|
||||
time_t timestamp; /**< Time when the descriptor was generated. */
|
||||
uint16_t protocols; /**< Bitmask: which rendezvous protocols are supported?
|
||||
* (We allow bits '0', '1', and '2' to be set.) */
|
||||
/** Bitmask: which rendezvous protocols are supported?
|
||||
* (We allow bits '0', '1', and '2' to be set.) */
|
||||
int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;
|
||||
/** List of the service's introduction points. Elements are removed if
|
||||
* introduction attempts fail. */
|
||||
smartlist_t *intro_nodes;
|
||||
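Review bot: `int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;` replaces a `uint16_t` with a plain `int` bit-field, whose signedness is implementation-defined. On compilers that make it signed, the top bit of the 16-bit mask is the sign bit. The parser guard added in this commit admits versions up to 15, so `1 << 15` can be stored in the field and would then read back as a negative value, which changes any comparison or widening of `protocols`. Declaring it `unsigned int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;` keeps the mask semantics of the old field. The struct continues past the end of the hunk.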
|
|
|
@ -2478,7 +2478,7 @@ connection_or_flush_from_first_active_circuit(or_connection_t *conn, int max,
|
|||
tor_assert(tmp == cell_ewma);
|
||||
add_cell_ewma_to_conn(conn, cell_ewma);
|
||||
}
|
||||
if (circ != conn->active_circuits) {
|
||||
if (!ewma_enabled && circ != conn->active_circuits) {
|
||||
/* If this happens, the current circuit just got made inactive by
|
||||
* a call in connection_write_to_buf(). That's nothing to worry about:
|
||||
* circuit_make_inactive_on_conn() already advanced conn->active_circuits
|
||||
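Review bot: The new `!ewma_enabled &&` condition in connection_or_flush_from_first_active_circuit() is not explained by the comment that follows it, which still describes only the case where the circuit was made inactive during the write. The changes entry for bug 6341 calls this a possible crash, so the comment should say why the pointer comparison is skipped when EWMA is in use. Presumably `circ` is then not taken from the head of `conn->active_circuits`; confirm this against the selection code above the hunk. A suggested first line is `/* Only valid without EWMA; with it, circ need not be the list head. */`. The comment and the `if` body run past the end of the hunk.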
|
|
|
@ -4823,6 +4823,9 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
|
|||
10, 0, INT_MAX, &num_ok, NULL);
|
||||
if (!num_ok) /* It's a string; let's ignore it. */
|
||||
continue;
|
||||
if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH)
|
||||
/* Avoid undefined left-shift behaviour. */
|
||||
continue;
|
||||
result->protocols |= 1 << version;
|
||||
}
|
||||
SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp));
|
||||
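Review bot: The shift `1 << version` in rend_parse_v2_service_descriptor() is still done in signed `int`, so the new guard is safe only while `REND_PROTOCOL_VERSION_BITMASK_WIDTH` stays below the width of `int`. Raising the macro to 32 later would bring back the undefined shift the comment mentions. Writing `result->protocols |= 1u << version;` removes that dependency. The guard is also an unbraced `if` with a comment between the condition and `continue;`, which is easy to break when a line is added; bracing it as `if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH) { continue; }`, with the comment inside the braces, is safer. The loop starts outside the hunk.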
|
|