sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'maint-0.2.3' into release-0.2.3

This commit is contained in:
Roger Dingledine 2012-10-13 18:35:05 -04:00
parent 213ba1a70b e2549c3b74
commit f52fd41842
17 changed files with 123 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changes/bug6024 Normal file
View File

@ -0,0 +1,2 @@
o Documentation fixes:
- Clarify that hidden services are TCP only. Fixes bug 6024.

5
changes/bug6341 Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes:
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_from_first_active_circuit(). Fixes bug
6341; bugfix on 0.2.2.7-alpha. Bug report and fix received
pseudonymously.

9
changes/bug6827 Normal file
View File

@ -0,0 +1,9 @@
o Minor bugfixes:
- Avoid undefined behaviour when parsing the list of supported
rendezvous/introduction protocols in a hidden service
descriptor. Previously, Tor would have confused (as-yet-unused)
protocol version numbers greater than 32 with lower ones on many
platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by
George Kadianakis.

4
changes/bug6844 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- Correct file sizes when reading binary files on
Cygwin, to avoid a bug where Tor would fail to read its state file.
Fixes bug 6844; bugfix on 0.1.2.7-alpha.

4
changes/bug6866 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- Convert an assert in the pathbias code to a log message. Assert
appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
bugfix on 0.2.3.17-beta.

5
changes/bug7014 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Fix two cases in src/or/transports.c where we were calling
fmt_addr() twice in a parameter list. Bug found by David
Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.

3
changes/bug7022 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes:
- Fix memory leaks whenever we logged any message about the "path
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.

6
changes/bug7037 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes:
- When relays refuse a "create" cell because their queue of pending
create cells is too big (typically because their cpu can't keep up
with the arrival rate), send back reason "resource limit" rather
than reason "internal", so network measurement scripts can get a
more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.

3
changes/ticket5749 Normal file
View File

@ -0,0 +1,3 @@
o New directory authorities:
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
authority. Closes ticket 5749.

21
doc/tor.1.txt
View File

@ -81,7 +81,7 @@ COMMAND-LINE OPTIONS
Other options can be specified on the command-line in the format "--option
value", in the format "option value", or in a configuration file. For
instance, you can tell Tor to start listening for SOCKS connections on port
9999 by passing --SOCKSPort 9999 or SOCKPort 9999 to it on the command line,
9999 by passing --SOCKSPort 9999 or SOCKSPort 9999 to it on the command line,
or by putting "SOCKSPort 9999" in the configuration file. You will need to
quote options with spaces in them: if you want Tor to log all debugging
messages to debug.log, you will probably need to say --Log 'debug file
@ -237,7 +237,7 @@ GENERAL OPTIONS
recommend that you leave this alone unless you know what you're doing,
since giving attackers access to your control listener is really
dangerous. This directive can be specified multiple
times to bind to multiple addresses/ports. (Default: 127.0.0.1)
times to bind to multiple addresses/ports. (Default: 127.0.0.1)
**ControlSocket** __Path__::
Like ControlPort, but listens on a Unix domain socket, rather than a TCP
@ -762,7 +762,7 @@ The following options are useful only for clients (that is, if
purposes, e.g., for Tor controllers. This option may be used multiple times
for different hidden services. If a hidden service uses authorization and
this option is not set, the hidden service is not accessible. Hidden
services can be configured to require authorization using the
services can be configured to require authorization using the
**HiddenServiceAuthorizeClient** option.
**CloseHSClientCircuitsImmediatelyOnTimeout** **0**|**1**::
@ -1017,7 +1017,7 @@ The following options are useful only for clients (that is, if
Open this port to listen for transparent proxy connections. Set this to
0 if you don't want to allow transparent proxy connections. Set the port
to "auto" to have Tor pick a port for you. This directive can be
specified multiple times to bind to multiple addresses/ports. See
specified multiple times to bind to multiple addresses/ports. See
SOCKSPort for an explanation of isolation flags. +
+
TransPort requires OS support for transparent proxies, such as BSDs' pf or
@ -1055,7 +1055,7 @@ The following options are useful only for clients (that is, if
**AutomapHostsOnResolve** **0**|**1**::
When this option is enabled, and we get a request to resolve an address
that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an
unused virtual address to that address, and return the new virtual address.
unused virtual address to that address, and return the new virtual address.
This is handy for making ".onion" addresses work with applications that
resolve an address and then connect to it. (Default: 0)
@ -1747,10 +1747,11 @@ The following options are used to configure a hidden service.
Configure a virtual port VIRTPORT for a hidden service. You may use this
option multiple times; each time applies to the service using the most
recent hiddenservicedir. By default, this option maps the virtual port to
the same port on 127.0.0.1. You may override the target port, address, or
both by specifying a target of addr, port, or addr:port. You may also have
multiple lines with the same VIRTPORT: when a user connects to that
VIRTPORT, one of the TARGETs from those lines will be chosen at random.
the same port on 127.0.0.1 over TCP. You may override the target port,
address, or both by specifying a target of addr, port, or addr:port.
You may also have multiple lines with the same VIRTPORT: when a user
connects to that VIRTPORT, one of the TARGETs from those lines will be
chosen at random.
**PublishHidServDescriptors** **0**|**1**::
If set to 0, Tor will run any hidden services you configure, but it won't
@ -1775,7 +1776,7 @@ The following options are used to configure a hidden service.
their configuration file using **HidServAuth**.
**RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
Every time the specified period elapses, Tor uploads any rendezvous
Every time the specified period elapses, Tor uploads any rendezvous
service descriptors to the directory servers. This information is also
uploaded whenever it changes. (Default: 1 hour)

2
src/common/util.c
View File

@ -2322,7 +2322,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
}
string[r] = '\0'; /* NUL-terminate the result. */
#ifdef _WIN32
#if defined(_WIN32) || defined(__CYGWIN__)
if (!bin && strchr(string, '\r')) {
log_debug(LD_FS, "We didn't convert CRLF to LF as well as we hoped "
"when reading %s. Coping.",

70
src/or/circuitbuild.c
View File

@ -2646,8 +2646,25 @@ pathbias_count_first_hop(origin_circuit_t *circ)
char *rate_msg = NULL;
/* Completely ignore one hop circuits */
if (circ->build_state->onehop_tunnel) {
tor_assert(circ->build_state->desired_path_len == 1);
if (circ->build_state->onehop_tunnel ||
circ->build_state->desired_path_len == 1) {
/* Check for inconsistency */
if (circ->build_state->desired_path_len != 1 ||
!circ->build_state->onehop_tunnel) {
if ((rate_msg = rate_limit_log(&first_hop_notice_limit,
approx_time()))) {
log_info(LD_BUG,
"One-hop circuit has length %d. Path state is %s. "
"Circuit is a %s currently %s.%s",
circ->build_state->desired_path_len,
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
tor_fragile_assert();
}
return 0;
}
@ -2658,11 +2675,12 @@ pathbias_count_first_hop(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Opened circuit is in strange path state %s. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
@ -2685,11 +2703,12 @@ pathbias_count_first_hop(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Unopened circuit has strange path state %s. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
} else {
@ -2697,10 +2716,11 @@ pathbias_count_first_hop(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Unopened circuit has no known guard. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
}
@ -2711,12 +2731,13 @@ pathbias_count_first_hop(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"A %s circuit is in cpath state %d (opened: %d). "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
pathbias_state_to_string(circ->path_state),
circ->cpath->state, circ->has_opened,
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
}
@ -2740,8 +2761,25 @@ pathbias_count_success(origin_circuit_t *circ)
char *rate_msg = NULL;
/* Ignore one hop circuits */
if (circ->build_state->onehop_tunnel) {
tor_assert(circ->build_state->desired_path_len == 1);
if (circ->build_state->onehop_tunnel ||
circ->build_state->desired_path_len == 1) {
/* Check for consistency */
if (circ->build_state->desired_path_len != 1 ||
!circ->build_state->onehop_tunnel) {
if ((rate_msg = rate_limit_log(&success_notice_limit,
approx_time()))) {
log_info(LD_BUG,
"One-hop circuit has length %d. Path state is %s. "
"Circuit is a %s currently %s.%s",
circ->build_state->desired_path_len,
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
tor_fragile_assert();
}
return;
}
@ -2763,11 +2801,12 @@ pathbias_count_success(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Succeeded circuit is in strange path state %s. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
@ -2782,10 +2821,11 @@ pathbias_count_success(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Completed circuit has no known guard. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
} else {
@ -2794,11 +2834,12 @@ pathbias_count_success(origin_circuit_t *circ)
approx_time()))) {
log_info(LD_BUG,
"Opened circuit is in strange path state %s. "
"Circuit is a %s currently %s. %s",
"Circuit is a %s currently %s.%s",
pathbias_state_to_string(circ->path_state),
circuit_purpose_to_string(circ->_base.purpose),
circuit_state_to_string(circ->_base.state),
rate_msg);
tor_free(rate_msg);
}
}
}
@ -5269,19 +5310,22 @@ transport_resolve_conflicts(transport_t *t)
t_tmp->marked_for_removal = 0;
return 1;
} else { /* same name but different addrport */
char *new_transport_addr = tor_strdup(fmt_addr(&t->addr));
if (t_tmp->marked_for_removal) { /* marked for removal */
log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' "
"but there was already a transport marked for deletion at "
"'%s:%u'. We deleted the old transport and registered the "
"new one.", t->name, fmt_addr(&t->addr), t->port,
"new one.", t->name, new_transport_addr, t->port,
fmt_addr(&t_tmp->addr), t_tmp->port);
smartlist_remove(transport_list, t_tmp);
transport_free(t_tmp);
tor_free(new_transport_addr);
} else { /* *not* marked for removal */
log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' "
"but the same transport already exists at '%s:%u'. "
"Skipping.", t->name, fmt_addr(&t->addr), t->port,
"Skipping.", t->name, new_transport_addr, t->port,
fmt_addr(&t_tmp->addr), t_tmp->port);
tor_free(new_transport_addr);
return -1;
}
}

2
src/or/command.c
View File

@ -428,7 +428,7 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn)
log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.%s",m);
tor_free(m);
}
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
return;
}
log_debug(LD_OR,"success: handed off onionskin.");

3
src/or/config.c
View File

@ -969,6 +969,9 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
"maatuska orport=80 no-v2 "
"v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
"171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
"Faravahar orport=443 no-v2 "
"v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
"154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
NULL
};
for (i=0; dirservers[i]; i++) {

7
src/or/or.h
View File

@ -4279,14 +4279,17 @@ typedef struct rend_intro_point_t {
time_t time_expiring;
} rend_intro_point_t;
#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16
/** Information used to connect to a hidden service. Used on both the
* service side and the client side. */
typedef struct rend_service_descriptor_t {
crypto_pk_t *pk; /**< This service's public key. */
int version; /**< Version of the descriptor format: 0 or 2. */
time_t timestamp; /**< Time when the descriptor was generated. */
uint16_t protocols; /**< Bitmask: which rendezvous protocols are supported?
* (We allow bits '0', '1', and '2' to be set.) */
/** Bitmask: which rendezvous protocols are supported?
* (We allow bits '0', '1', and '2' to be set.) */
int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;
/** List of the service's introduction points. Elements are removed if
* introduction attempts fail. */
smartlist_t *intro_nodes;

2
src/or/relay.c
View File

@ -2478,7 +2478,7 @@ connection_or_flush_from_first_active_circuit(or_connection_t *conn, int max,
tor_assert(tmp == cell_ewma);
add_cell_ewma_to_conn(conn, cell_ewma);
}
if (circ != conn->active_circuits) {
if (!ewma_enabled && circ != conn->active_circuits) {
/* If this happens, the current circuit just got made inactive by
* a call in connection_write_to_buf(). That's nothing to worry about:
* circuit_make_inactive_on_conn() already advanced conn->active_circuits

3
src/or/routerparse.c
View File

@ -4823,6 +4823,9 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
10, 0, INT_MAX, &num_ok, NULL);
if (!num_ok) /* It's a string; let's ignore it. */
continue;
if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH)
/* Avoid undefined left-shift behaviour. */
continue;
result->protocols |= 1 << version;
}
SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp));