aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Bump version to 0.2.5.4-alpha-devNick Mathewson2014-04-25
|
* Fix hyphen handling in format_changelogNick Mathewson2014-04-25
|
* reflow changelog.Nick Mathewson2014-04-25
|
* place the cherries on top and call it doneRoger Dingledine2014-04-25
|
* promote two stanzas; shuffle around two moreRoger Dingledine2014-04-25
|
* touchups on upcoming changelogRoger Dingledine2014-04-25
|
* resolve a typo: sanboxing->sandboxing.Nick Mathewson2014-04-25
|
* two changelog tweaks suggested by AndreaNick Mathewson2014-04-25
|
* Write a release blurbNick Mathewson2014-04-25
|
* Re-order and combine changelog sectionsNick Mathewson2014-04-25
|
* Integrate another entry to the changelog; twiddle changelog moreNick Mathewson2014-04-25
| | | | | Work on style, add some sentences to blurb, explain that 10468 is more general than had been described, etc etc
* format_changelog.py now formats the first section, in-place.Nick Mathewson2014-04-25
|
* Bump version to 0.2.5.4-alpha.Nick Mathewson2014-04-25
| | | | Probably releasing within ~22 hours, pending testing
* fix memory leak in dump_exit_policy_to_string testsNick Mathewson2014-04-25
|
* Include the scan-build.sh script I used for 8793Nick Mathewson2014-04-25
| | | | | Otherwise we'll never remember what to re-run before each release, or whether we tried a given checker.
* Merge branch 'scanbuild_fixes'Nick Mathewson2014-04-25
|\
| * Changes file for scan-build fixes (#8793)Nick Mathewson2014-04-25
| |
| * scan-build: memarea_strndup() undefined behaviorNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | The memarea_strndup() function would have hit undefined behavior by creating an 'end' pointer off the end of a string if it had ever been given an 'n' argument bigger than the length of the memory ares that it's scanning. Fortunately, we never did that except in the unit tests. But it's not a safe behavior to leave lying around.
| * scan-build: avoid undef behaior in tor_inet_ptonNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | If we had an address of the form "1.2.3.4" and we tried to pass it to tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to briefly move backwards to the point before the start of the string, before we moved it right back to the start of the string. C doesn't allow that, and though we haven't yet hit a compiler that decided to nuke us in response, it's best to fix. So, be more explicit about requiring there to be a : before any IPv4 address part of the IPv6 address. We would have rejected addresses without a : for not being IPv6 later on anyway.
| * scan-build: sizeof(ptr*) in a debugging log in ext_orport.cNick Mathewson2014-04-19
| | | | | | | | | | | | Instead of taking the length of a buffer, we were taking the length of a pointer, so that our debugging log would cover only the first sizeof(void*) bytes of the client nonce.
| * scan-build: Fix harmless sizeof(ptr) in test_oom.cNick Mathewson2014-04-19
| | | | | | | | | | We meant to using random bytes to fill a buffer, up to 3000 at a time. Instead we were taking them sizeof(void*) at a time.
| * scan-build: close stdio FILEs on error in tor-gencertNick Mathewson2014-04-19
| | | | | | | | | | This is harmless, since tor-gencert exits right afterwards, but it's best to clean up after ourselves.
| * scan-build: truncate tinytest hexified outputs to 1024 bytes.Nick Mathewson2014-04-19
| | | | | | | | | | | | scan-build didn't like the unlimited version since we might need to overflow size_t to hexify a string that took up half our address space. (!)
| * scan-build: limit hashtable size so it always fits in SSIZE_MAXNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | | | | | | | | | scan-build recognizes that in theory there could be a numeric overflow here. This can't numeric overflow can't trigger IRL, since in order to fill a hash table with more than P=402653189 buckets with a reasonable load factor of 0.5, we'd first have P/2 malloced objects to put in it--- and each of those would have to take take at least sizeof(void*) worth of malloc overhead plus sizeof(void*) content, which would run you out of address space anyway on a 32-bit system.
| * scan-build: bulletproof last-chance errormsg generation in rendservice.cNick Mathewson2014-04-18
| | | | | | | | | | | | | | If 'intro' is NULL in these functions, I'm pretty sure that the error message must be set before we hit the end. But scan-build doesn't notice that, and is worried that we'll do a null-pointer dereference in the last-chance errormsg generation.
| * scan-build: Have clear_pending_onions walk the lists more obviouslyNick Mathewson2014-04-18
| | | | | | | | | | | | | | As it stands, it relies on the fact that onion_queue_entry_remove will magically remove each onionskin from the right list. This patch changes the logic to be more resilient to possible bugs in onion_queue_entry_remove, and less confusing to static analysis tools.
| * scan-build: in cpuworker, initialize tv_startNick Mathewson2014-04-18
| | | | | | | | | | | | | | scan-build doesn't realize that a request can't be timed at the end unless it's timed at the start, and so it's not possible for us to be subtracting start from end without start being set. Nevertheless, let's not confuse it.
| * scan-build: get_proxy_addrport should always set its outputsNick Mathewson2014-04-18
| | | | | | | | | | | | | | When get_proxy_addrport returned PROXY_NONE, it would leave addr/port unset. This is inconsistent, and could (if we used the function in a stupid way) lead to undefined behavior. Bugfix on 5b050a9b0, though I don't think it affects tor-as-it-is.
| * scan-build: when logging a path length, check build_state.Nick Mathewson2014-04-18
| | | | | | | | | | | | Throughout circuituse, when we log about a circuit, we log its desired path length from build_state. scan-build is irrationally concerned that build_state might be NULL.
| * scan-build: Be consistent with a needless check in circuitmux.cNick Mathewson2014-04-18
| | | | | | | | | | | | | | | | | | In circuitmux_detach_all_circuits, we check whether an HT iterator gives us NULL. That should be impossible for an HT iterator. But our checking it has confused scan-build (justly) into thinking that our later use of HT_NEXT_RMV might not be kosher. I'm taking the coward's route here and strengthening the check. Bugfix on fd31dd44. (Not a real bug though)
| * scan-build: fix a crash-on-fail possibility in test_policy.cNick Mathewson2014-04-18
| |
| * scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purposeNick Mathewson2014-04-18
| | | | | | | | | | | | | | If we fail in circuit_get_by_rend_token_and_purpose because the circuit has no rend_info, don't try to reference fiends from its rend_info when logging an error. Bugfix on 8b9a2cb68, which is going into Tor 0.2.5.4-alpha.
| * scan-build: circuit_cpath_support_ntor had a dead initializationNick Mathewson2014-04-18
| | | | | | | | We were initializing cpath twice, which doesn't make sense.
| * scan-build: check impossible null-pointer case in buffers.cNick Mathewson2014-04-18
| | | | | | | | | | | | When maintaining buffer freelists, we don't skip more than there are, so (*chp) can't be null to begin with. scan-build has no way to know that.
| * scan-build: Add a check for result from getaddrinfoNick Mathewson2014-04-18
| | | | | | | | | | | | As documented, getaddrinfo always sets its result when it returns no error. But scan-build doesn't know that, and thinks we might be def
* | Revise changelog verbiage; try to tighten it up.Nick Mathewson2014-04-24
| |
* | ChangeLog: spell-check, prefer "relay" to "node" or "server"Nick Mathewson2014-04-24
| |
* | Try to sort the changelog a little moreNick Mathewson2014-04-24
| |
* | Fwd-port: Add a missing changelog entry back from 0.2.4.11-alphaNick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | | | | | When I merged the fix for #7351, and implemented proposal 214 (4-byte circuit IDs), I forgot to add a changes file. Later, we never noticed that it didn't have one. Resolves ticket #11555. Thanks to cypherpunks for noticing this was missing. This is a cherry-pick of 75e10f58a97f051f7d8576f96c2e32fcb2f07ade into the master branch.
* | Reformat the changelog for 0.2.5.4-alpha. No textual changes.Nick Mathewson2014-04-24
| | | | | | | | Also, add a script to do this, since doing it manually with fmt sucks.
* | More changes files get added to the changelogNick Mathewson2014-04-24
| |
* | whitespace fixNick Mathewson2014-04-24
| |
* | Merge remote-tracking branch 'public/bug11553_025'Nick Mathewson2014-04-24
|\ \
| * \ Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-23
| |\ \ | | | | | | | | | | | | | | | | Conflicts: src/or/circuitbuild.c
| | * | Improvements to #11553 fix based on reviewNick Mathewson2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a per-channel ratelim_t to control the rate at which we report failures for each channel. Explain why I picked N=32. Never return a zero circID. Thanks to Andrea and to cypherpunks.
| * | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| |
| | * | Add a rate-limiter for the other circuitID exhaustion warningNick Mathewson2014-04-18
| | | |
| * | | Diagnostic warning to see if it's pending destroys causing 11553Nick Mathewson2014-04-18
| | | |
| * | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| | | | | | | | | | | | | | | | | | Conflicts: src/or/channel.h
| | * | Switch to random allocation on circuitIDs.Nick Mathewson2014-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a possible root cause of 11553 by only making 64 attempts at most to pick a circuitID. Previously, we would test every possible circuit ID until we found one or ran out. This algorithm succeeds probabilistically. As the comment says: This potentially causes us to give up early if our circuit ID space is nearly full. If we have N circuit IDs in use, then we will reject a new circuit with probability (N / max_range) ^ MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent of our circuit ID capacity will go unused. The alternative here, though, is to do a linear search over the whole circuit ID space every time we extend a circuit, which is not so great either. This makes new vs old clients distinguishable, so we should try to batch it with other patches that do that, like 11438.