path: root/src/or/dnsserv.c
Commit message (author, date)
* Update copyright dates to 2012; add a few missing copyright statements (Nick Mathewson, 2012-06-04)
|
* Merge remote-tracking branch 'public/split_entry_conn' (Nick Mathewson, 2011-09-07)
|\
| |   Conflicts: src/or/connection.c src/or/connection_edge.c src/or/connection_edge.h src/or/dnsserv.c
| |
| |   Some of these were a little tricky, since they touched code that changed because of the prop171 fixes.
| * Move entry-only fields from edge_connection_t to entry_connection_t (Nick Mathewson, 2011-07-21)
| |   Also, refactor the code accordingly.
| * Add a new type entry_connection_t for entry connections (Nick Mathewson, 2011-07-21)
| |   No fields have moved there yet; for now, it's just a placeholder type.
* | Implement protocol-type isolation correctly. (Nick Mathewson, 2011-08-02)
|/
|     Previously we'd just looked at the connection type, but that's always CONN_TYPE_AP. Instead, we should be looking at the type of the listener that created the connection. Spotted by rransom; fixes bug 3636.
* Stick controller-originated resolves in their own session group (Nick Mathewson, 2011-07-19)
|
* Implement destaddr-based isolation (Nick Mathewson, 2011-07-19)
|   The new candidate rule, which arma suggested and I like, is that the original address as received from the client connection or as rewritten by the controller is the address that counts.
* Add a new isolation type and field: "nym epoch" (Nick Mathewson, 2011-07-19)
|   The "nym epoch" of a stream is defined as the number of times that NEWNYM had been called before the stream was opened. All streams are isolated by nym epoch. This feature should be redundant with existing signewnym stuff, but it provides a good belt-and-suspenders way for us to avoid ever letting any circuit type bypass signewnym.
* (Unused) backend logic for stream isolation (Nick Mathewson, 2011-07-19)
|   This patch adds fields to track how streams should be isolated, and ensures that those fields are set correctly. It also adds fields to track what streams can go on a circuit, and adds functions to see whether a stream can go on a circuit and update the circuit accordingly. Those functions aren't yet called.
* Refactor listener_connection_t into its own type. (Nick Mathewson, 2011-07-19)
|   This will allow us to add more fields to listener_connection_t without bloating the other connection types.
* client-side DNS proxy server: reply NOTIMPL to unsupported queries (intrigeri, 2011-06-13)
|   Fix for bug 3369.
* Use a 64-bit type to hold sockets on win64. (Nick Mathewson, 2011-05-23)
|   On win64, sockets are of type UINT_PTR; on win32 they're u_int; elsewhere they're int. The correct windows way to check a socket for being set is to compare it with INVALID_SOCKET; elsewhere you see if it is negative. On Libevent 2, all callbacks take sockets as evutil_socket_t; we've been passing them int. This patch should fix compilation and correctness when built for 64-bit windows. Fixes bug 3270.
* Merge remote-tracking branch 'public/bug2332' into maint-0.2.2 (Nick Mathewson, 2011-04-26)
|\
| * Make eventdns server functions const void* to match libevent (Nick Mathewson, 2011-01-10)
| |   partial fix for bug 2332
* | Triage the XXX022 and XXX021 comments remaining in the code (Nick Mathewson, 2011-03-25)
| |   Remove some, postpone others, leave some alone. Now the only remaining XXX022s are ones that seem important to fix or investigate.
* | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 (Nick Mathewson, 2011-01-15)
|\ \
| * | Add missing check for hostname answer_len in dnsserv size (Nick Mathewson, 2011-01-15)
| | |   This is checked elsewhere too, but let's be RFC-conformant.
* | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 (Nick Mathewson, 2011-01-15)
|\| |
| |/
|/|
| |   Conflicts: src/or/config.c src/or/networkstatus.c src/or/rendcommon.c src/or/routerparse.c src/or/test.c
| * Always nul-terminate the result passed to evdns_server_add_ptr_reply (Nick Mathewson, 2011-01-15)
| |   In dnsserv_resolved(), we carefully made a nul-terminated copy of the answer in a PTR RESOLVED cell... then never used that nul-terminated copy. Ouch.
| |
| |   Surprisingly this one isn't as huge a security problem as it could be. The only place where the input to dnsserv_resolved wasn't necessarily nul-terminated was when it was called indirectly from relay.c with the contents of a relay cell's payload. If the end of the payload was filled with junk, eventdns.c would take the strdup() of the name [This part is bad; we might crash there if the cell is in a bad part of the stack or the heap] and get a name of at least length 495[*]. eventdns.c then rejects any name of length over 255, so the bogus data would be neither transmitted nor altered.
| |
| |   [*] If the name was less than 495 bytes long, the client wouldn't actually be reading off the end of the cell.
| |
| |   Nonetheless this is a reasonably annoying bug. Better fix it.
| |
| |   Found while looking at bug 2332, reported by doorss. Bugfix on 0.2.0.1-alpha.
* | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 (Nick Mathewson, 2011-01-03)
|\|
| |   Conflicts: src/common/test.h src/or/test.c
| * Bump copyright statements to 2011 (Nick Mathewson, 2011-01-03)
| |
* | Ensure controller RESOLVE commands respect __LeaveStreamsUnattached (Robert Hogan, 2010-08-08)
| |   https://trac.torproject.org/projects/tor/ticket/1525
| |
| |   "The codepath taken by the control port "RESOLVE" command to create a synthetic SOCKS resolve request isn't the same as the path taken by a real SOCKS request from 'tor-resolve'. This prevents controllers who set LeaveStreamsUnattached=1 from being able to attach RESOLVE streams to circuits of their choosing."
| |
| |   Create a new function connection_ap_rewrite_and_attach_if_allowed() and call that when Tor needs to attach a stream to a circuit but needs to know if the controller permits it.
| |
| |   No tests added.
* | Create policies.h (Sebastian Hahn, 2010-07-27)
| |
* | Create main.h (Sebastian Hahn, 2010-07-27)
| |
* | Create control.h (Sebastian Hahn, 2010-07-27)
| |
* | Create connection_edge.h (Sebastian Hahn, 2010-07-27)
| |
* | Create connection.h (Sebastian Hahn, 2010-07-27)
| |
* | Create config.h (Sebastian Hahn, 2010-07-27)
| |
* | Split headers for dnsserv.c functions out of or.h (Sebastian Hahn, 2010-07-27)
| |   The next series of commits begins addressing the issue that we're currently including the complete or.h file in all of our source files. To change that, we're splitting function definitions into new header files (one header file per source file).
* | Merge remote branch 'origin/maint-0.2.1' (Nick Mathewson, 2010-02-27)
|\|
| |   Conflicts: src/common/test.h src/or/test.c
| * Update Tor Project copyright years (Nick Mathewson, 2010-02-27)
| |
| * Update copyright to 2009. (Karsten Loesing, 2009-05-04)
| |
* | Make the DNSPort option work with libevent 2.x (Sebastian Hahn, 2010-02-19)
| |   We need to use evdns_add_server_port_with_base() when configuring our DNS listener, because libevent segfaults otherwise. Add a macro in compat_libevent.h to pick the correct implementation depending on the libevent version. Fixes bug 1143, found by SwissTorExit
* | Refactor the safe_str_*() API to make more sense. (Nick Mathewson, 2009-12-15)
| |   The new rule is: safe_str_X() means "this string is a piece of X information; make it safe to log." safe_str() on its own means "this string is a piece of who-knows-what; make it safe to log".
* | LetsKillNoConnect removes support for .noconnect (Jacob Appelbaum, 2009-08-08)
| |   This is a patch to remove support for .noconnect. We are removing .noconnect because of a talk at Defcon 17 by Gregory Fleischer.
* | Update Tor to use Libevent 2.0 APIs when available. (Nick Mathewson, 2009-06-12)
| |   This patch adds a new compat_libevent.[ch] set of files, and moves our Libevent compatibility and utility functions there. We build them into a separate .a so that nothing else in src/common depends on Libevent (partially fixing bug 507). Also, do not use our own built-in evdns copy when we have Libevent 2.0, whose evdns is finally good enough (thus fixing Bug 920).
* | Update copyright to 2009. (Karsten Loesing, 2009-05-02)
|/
* Port some mostly cosmetic eventdns changes from libevent (Nick Mathewson, 2009-02-11)
|   svn:r18492
* Make outgoing DNS requests respect OutboundBindAddress. (Nick Mathewson, 2009-01-06)
|   Fixes the bug part of bug 789.
|   svn:r17983
* Remove svn $Id$s from our source, and remove tor --version --version. (Nick Mathewson, 2009-01-04)
|   The subversion $Id$ fields made every commit force a rebuild of whatever file got committed. They were not actually useful for telling the version of Tor files in the wild.
|   svn:r17867
* Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen. (Nick Mathewson, 2008-12-22)
|   svn:r17729
* Downgrade tweak, and answer lots of XXX021s. No actual code fixes in this patch. (Nick Mathewson, 2008-12-18)
|   svn:r17686
* fix wide lines (Nick Mathewson, 2008-11-07)
|   svn:r17198
* Work better with tools that resist DNS poisoning by using the 0x20 hack: make DNSPort replies preserve case. (Nick Mathewson, 2008-10-29)
|   svn:r17170
* Refactor use of connection_new so that we get more verifiable typesafety. (Nick Mathewson, 2008-09-05)
|   svn:r16785
* r17666@tombo: nickm | 2008-08-07 15:12:30 -0400 (Nick Mathewson, 2008-08-07)
|   Make tor_addr_from_sockaddr also give away the port in a useful format
|   svn:r16458
* r17641@31-33-44: nickm | 2008-08-05 16:07:53 -0400 (Nick Mathewson, 2008-08-05)
|   Initial conversion of uint32_t addr to tor_addr_t addr in connection_t and related types. Most of the Tor wire formats using these new types are in, but the code to generate and use it is not. This is a big patch. Let me know what it breaks for you.
|   svn:r16435
* r17346@aud-055: nickm | 2008-07-24 15:37:19 +0200 (Nick Mathewson, 2008-07-24)
|   Make generic address manipulation functions work better. Switch address policy code to use tor_addr_t, so it can handle IPv6. That is a good place to start.
|   svn:r16178
* r14399@tombo: nickm | 2008-02-22 14:09:38 -0500 (Nick Mathewson, 2008-02-22)
|   More 64-to-32 fixes. Partial backport candidate. still not done.
|   svn:r13680
* r14181@tombo: nickm | 2008-02-15 16:48:17 -0500 (Nick Mathewson, 2008-02-15)
|   Fix all but 2 DOCDOC items; defer many XXX020s (particularly those where fixing them would fix no bugs at the risk of introducing some bugs).
|   svn:r13529