Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
f77d8901fc
|
@ -0,0 +1,5 @@
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Disable sandbox name resolver cache when running tor-resolve:
|
||||||
|
tor-resolve doesn't use the sandbox code, and turning it on was
|
||||||
|
breaking attempts to do tor-resolve on a non-default server on
|
||||||
|
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
|
|
@ -0,0 +1,4 @@
|
||||||
|
o Compilation fixes:
|
||||||
|
- Build and run correctly on systems like OpenBSD-current that
|
||||||
|
have patched OpenSSL to remove get_cipher_by_char and/or its
|
||||||
|
implementations. Fixes issue 13325.
|
|
@ -0,0 +1,3 @@
|
||||||
|
o Downgraded warnings:
|
||||||
|
- Downgrade the severity of the 'unexpected sendme cell from client' from
|
||||||
|
'warn' to 'protocol warning'. Closes ticket 8093.
|
|
@ -0,0 +1,4 @@
|
||||||
|
o Major security fixes:
|
||||||
|
- Disable support for SSLv3. All versions of OpenSSL in use with
|
||||||
|
Tor today support TLS 1.0 or later, so we can safely turn off
|
||||||
|
support for this old (and insecure) protocol. Fixes bug 13426.
|
|
@ -578,6 +578,10 @@ else
|
||||||
fi
|
fi
|
||||||
AC_SUBST(TOR_OPENSSL_LIBS)
|
AC_SUBST(TOR_OPENSSL_LIBS)
|
||||||
|
|
||||||
|
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
|
||||||
|
[#include <openssl/ssl.h>
|
||||||
|
])
|
||||||
|
|
||||||
dnl ------------------------------------------------------
|
dnl ------------------------------------------------------
|
||||||
dnl Where do you live, zlib? And how do we call you?
|
dnl Where do you live, zlib? And how do we call you?
|
||||||
|
|
||||||
|
|
|
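Review bot: The new AC_CHECK_MEMBERS probe tests a field of `struct ssl_method_st`, an OpenSSL-internal layout rather than a public API, and nothing at the call site says why that is acceptable; a comment such as `dnl OpenBSD-current-style OpenSSL forks drop get_cipher_by_char (issue 13325); tortls.c falls back to a linear cipher search when this member is absent.` would stop a later maintainer from treating a failed probe as a broken build. If configure can select a non-default OpenSSL prefix (suggested by the adjacent TOR_OPENSSL_LIBS substitution), the probe's `#include <openssl/ssl.h>` must run with that prefix's include path already in CPPFLAGS, otherwise it may inspect a different OpenSSL than the one being linked; that ordering is decided by configure logic outside this hunk and is worth confirming.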
@ -1385,6 +1385,18 @@ HT_GENERATE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
|
||||||
cached_getaddrinfo_items_eq,
|
cached_getaddrinfo_items_eq,
|
||||||
0.6, tor_malloc_, tor_realloc_, tor_free_);
|
0.6, tor_malloc_, tor_realloc_, tor_free_);
|
||||||
|
|
||||||
|
/** If true, don't try to cache getaddrinfo results. */
|
||||||
|
static int sandbox_getaddrinfo_cache_disabled = 0;
|
||||||
|
|
||||||
|
/** Tell the sandbox layer not to try to cache getaddrinfo results. Used as in
|
||||||
|
* tor-resolve, when we have no intention of initializing crypto or of
|
||||||
|
* installing the sandbox.*/
|
||||||
|
void
|
||||||
|
sandbox_disable_getaddrinfo_cache(void)
|
||||||
|
{
|
||||||
|
sandbox_getaddrinfo_cache_disabled = 1;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
sandbox_getaddrinfo(const char *name, const char *servname,
|
sandbox_getaddrinfo(const char *name, const char *servname,
|
||||||
const struct addrinfo *hints,
|
const struct addrinfo *hints,
|
||||||
|
@ -1393,6 +1405,10 @@ sandbox_getaddrinfo(const char *name, const char *servname,
|
||||||
int err;
|
int err;
|
||||||
struct cached_getaddrinfo_item_t search, *item;
|
struct cached_getaddrinfo_item_t search, *item;
|
||||||
|
|
||||||
|
if (sandbox_getaddrinfo_cache_disabled) {
|
||||||
|
return getaddrinfo(name, NULL, hints, res);
|
||||||
|
}
|
||||||
|
|
||||||
if (servname != NULL) {
|
if (servname != NULL) {
|
||||||
log_warn(LD_BUG, "called with non-NULL servname");
|
log_warn(LD_BUG, "called with non-NULL servname");
|
||||||
return EAI_NONAME;
|
return EAI_NONAME;
|
||||||
|
@ -1834,5 +1850,10 @@ sandbox_is_active(void)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
sandbox_disable_getaddrinfo_cache(void)
|
||||||
|
{
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
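Review bot: In the new early return in sandbox_getaddrinfo, `return getaddrinfo(name, NULL, hints, res);` sits before the `servname != NULL` check, so with the cache disabled a non-NULL servname is dropped silently instead of producing the LD_BUG warning and EAI_NONAME that the cached path returns; moving the bypass below that check keeps both paths on the same contract. The comment on sandbox_disable_getaddrinfo_cache() says it is for callers that never install the sandbox, but nothing enforces that, and a caller that disables the cache after the seccomp filter is in place would presumably have its raw getaddrinfo() call blocked rather than cached; a `tor_assert(!sandbox_is_active());` inside sandbox_disable_getaddrinfo_cache() (sandbox_is_active is declared in the sandbox.h hunk below) would catch that ordering mistake. sandbox_getaddrinfo begins in the `@ -1385` hunk and its body continues past the `@ -1393` hunk.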
@ -208,5 +208,7 @@ int sandbox_init(sandbox_cfg_t* cfg);
|
||||||
/** Return true iff the sandbox is turned on. */
|
/** Return true iff the sandbox is turned on. */
|
||||||
int sandbox_is_active(void);
|
int sandbox_is_active(void);
|
||||||
|
|
||||||
|
void sandbox_disable_getaddrinfo_cache(void);
|
||||||
|
|
||||||
#endif /* SANDBOX_H_ */
|
#endif /* SANDBOX_H_ */
|
||||||
|
|
||||||
|
|
|
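Review bot: The new `void sandbox_disable_getaddrinfo_cache(void);` prototype is the only declaration in this hunk without a Doxygen comment, while the adjacent sandbox_is_active() carries one. A comment along the lines of `/** Tell the sandbox layer not to cache getaddrinfo() results. Meant for tools such as tor-resolve that never install the sandbox; presumably it must be called before any sandbox_getaddrinfo() call. */` keeps the header self-describing; the ordering constraint is inferred from the sandbox.c comment and should be confirmed before it is stated as fact.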
@ -1245,10 +1245,11 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||||
goto error;
|
goto error;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
|
/* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
|
||||||
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
|
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
|
||||||
goto error;
|
goto error;
|
||||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||||
|
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
||||||
|
|
||||||
/* Prefer the server's ordering of ciphers: the client's ordering has
|
/* Prefer the server's ordering of ciphers: the client's ordering has
|
||||||
* historically been chosen for fingerprinting resistance. */
|
* historically been chosen for fingerprinting resistance. */
|
||||||
|
@ -1287,6 +1288,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* XXX This block is now obsolete. */
|
||||||
if (
|
if (
|
||||||
#ifdef DISABLE_SSL3_HANDSHAKE
|
#ifdef DISABLE_SSL3_HANDSHAKE
|
||||||
1 ||
|
1 ||
|
||||||
|
@ -1468,6 +1470,43 @@ static uint16_t v2_cipher_list[] = {
|
||||||
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
|
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
|
||||||
static int v2_cipher_list_pruned = 0;
|
static int v2_cipher_list_pruned = 0;
|
||||||
|
|
||||||
|
/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
|
||||||
|
* return 1 if it does support it, or if we have no way to tell. */
|
||||||
|
static int
|
||||||
|
find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
|
||||||
|
{
|
||||||
|
const SSL_CIPHER *c;
|
||||||
|
#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
|
||||||
|
if (m && m->get_cipher_by_char) {
|
||||||
|
unsigned char cipherid[3];
|
||||||
|
set_uint16(cipherid, htons(cipher));
|
||||||
|
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
||||||
|
* with a two-byte 'cipherid', it may look for a v2
|
||||||
|
* cipher with the appropriate 3 bytes. */
|
||||||
|
c = m->get_cipher_by_char(cipherid);
|
||||||
|
if (c)
|
||||||
|
tor_assert((c->id & 0xffff) == cipher);
|
||||||
|
return c != NULL;
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
if (m && m->get_cipher && m->num_ciphers) {
|
||||||
|
/* It would seem that some of the "let's-clean-up-openssl" forks have
|
||||||
|
* removed the get_cipher_by_char function. Okay, so now you get a
|
||||||
|
* quadratic search.
|
||||||
|
*/
|
||||||
|
int i;
|
||||||
|
for (i = 0; i < m->num_ciphers(); ++i) {
|
||||||
|
c = m->get_cipher(i);
|
||||||
|
if (c && (c->id & 0xffff) == cipher) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
return 1; /* No way to search */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** Remove from v2_cipher_list every cipher that we don't support, so that
|
/** Remove from v2_cipher_list every cipher that we don't support, so that
|
||||||
* comparing v2_cipher_list to a client's cipher list will give a sensible
|
* comparing v2_cipher_list to a client's cipher list will give a sensible
|
||||||
* result. */
|
* result. */
|
||||||
|
@ -1479,16 +1518,7 @@ prune_v2_cipher_list(void)
|
||||||
|
|
||||||
inp = outp = v2_cipher_list;
|
inp = outp = v2_cipher_list;
|
||||||
while (*inp) {
|
while (*inp) {
|
||||||
unsigned char cipherid[3];
|
if (find_cipher_by_id(m, *inp)) {
|
||||||
const SSL_CIPHER *cipher;
|
|
||||||
/* Is there no better way to do this? */
|
|
||||||
set_uint16(cipherid, htons(*inp));
|
|
||||||
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
|
||||||
* with a two-byte 'cipherid', it may look for a v2
|
|
||||||
* cipher with the appropriate 3 bytes. */
|
|
||||||
cipher = m->get_cipher_by_char(cipherid);
|
|
||||||
if (cipher) {
|
|
||||||
tor_assert((cipher->id & 0xffff) == *inp);
|
|
||||||
*outp++ = *inp++;
|
*outp++ = *inp++;
|
||||||
} else {
|
} else {
|
||||||
inp++;
|
inp++;
|
||||||
|
|
|
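Review bot: In find_cipher_by_id the final `return 1; /* No way to search */` reports every cipher as supported when the SSL_METHOD exposes neither get_cipher_by_char nor get_cipher/num_ciphers, so prune_v2_cipher_list() then keeps entries this OpenSSL build may not be able to negotiate and the comparison against a client's cipher list that the pruning exists for (per the comment above prune_v2_cipher_list) silently degrades; that branch deserves at least a `log_warn(LD_BUG, "No way to enumerate ciphers; leaving v2_cipher_list unpruned");` so the condition shows up in the log. The `} else` immediately before `#endif` is fragile: with HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR undefined the following `if (m && m->get_cipher && m->num_ciphers)` becomes the first statement, which works today but is easy to break on the next edit, so a comment such as `/* Without get_cipher_by_char, fall through to the linear search below. */` above the `#endif` would help. Minor: `m->num_ciphers()` is re-evaluated on every iteration of the linear search; `const int n_ciphers = m->num_ciphers();` before the loop avoids that. prune_v2_cipher_list starts before the `@ -1479` hunk and its remaining body is outside this section.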
@ -1718,7 +1718,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
|
||||||
if (circ->package_window + CIRCWINDOW_INCREMENT >
|
if (circ->package_window + CIRCWINDOW_INCREMENT >
|
||||||
CIRCWINDOW_START_MAX) {
|
CIRCWINDOW_START_MAX) {
|
||||||
static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600);
|
static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600);
|
||||||
log_fn_ratelim(&client_warn_ratelim, LOG_WARN, LD_PROTOCOL,
|
log_fn_ratelim(&client_warn_ratelim,LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||||
"Unexpected sendme cell from client. "
|
"Unexpected sendme cell from client. "
|
||||||
"Closing circ (window %d).",
|
"Closing circ (window %d).",
|
||||||
circ->package_window);
|
circ->package_window);
|
||||||
|
|
|
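Review bot: In the new `log_fn_ratelim(&client_warn_ratelim,LOG_PROTOCOL_WARN, LD_PROTOCOL,` the comma before LOG_PROTOCOL_WARN lost its space, unlike the rest of the argument list; `log_fn_ratelim(&client_warn_ratelim, LOG_PROTOCOL_WARN, LD_PROTOCOL,` matches the surrounding style. Since the message still says the circuit is being closed, a one-line comment such as `/* Misbehaving client, not an operator problem: protocol-warn only (ticket 8093). */` would keep a future reader from re-escalating it to LOG_WARN. connection_edge_process_relay_cell starts and ends outside this hunk.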
@ -8,6 +8,7 @@
|
||||||
#include "../common/util.h"
|
#include "../common/util.h"
|
||||||
#include "address.h"
|
#include "address.h"
|
||||||
#include "../common/torlog.h"
|
#include "../common/torlog.h"
|
||||||
|
#include "sandbox.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -344,6 +345,7 @@ main(int argc, char **argv)
|
||||||
log_severity_list_t *s = tor_malloc_zero(sizeof(log_severity_list_t));
|
log_severity_list_t *s = tor_malloc_zero(sizeof(log_severity_list_t));
|
||||||
|
|
||||||
init_logging();
|
init_logging();
|
||||||
|
sandbox_disable_getaddrinfo_cache();
|
||||||
|
|
||||||
arg = &argv[1];
|
arg = &argv[1];
|
||||||
n_args = argc-1;
|
n_args = argc-1;
|
||||||
|
|
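Review bot: The new `sandbox_disable_getaddrinfo_cache();` call in main() carries no explanation, so nothing in the tool says why it reaches into a sandbox layer it otherwise never uses; the rationale lives only in the changelog entry. A comment such as `/* tor-resolve never installs the sandbox; caching getaddrinfo() results here broke resolving via a non-default server (bug 13295). */` above the call would make the new dependency on sandbox.h self-explanatory. main() starts before and ends after this hunk.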