path: root/src/or/main.c
Commit message, Author, Age
* Merge branch 'bug8746_v2_squashed' (Nick Mathewson, 2014-06-14)
|\
| |   Conflicts: src/common/include.am
| * New waitpid-handler functions to run callbacks when a child exits. (Nick Mathewson, 2014-06-14)
| |   Also, move 'procmon' into libor_event library, since it uses libevent.
* | sandbox: Permit stat() of DataDir/stats (Nick Mathewson, 2014-06-13)
| |   This is a fix for another case of 12064 that alphawolf just spotted. There's already an 0.2.5.5 changelog entry for this.
* | whitespaces fixes (Nick Mathewson, 2014-06-11)
| |
* | Merge remote-tracking branch 'public/ticket6799_024_v2_squashed' (Nick Mathewson, 2014-06-11)
|\ \
| | |   Conflicts: src/or/channel.c src/or/circuitlist.c src/or/connection.c
| | |   Conflicts involved removal of next_circ_id and addition of unusable-circid tracking.
| * | Replace last_added_nonpadding with last_had_circuits (Nick Mathewson, 2014-06-11)
| | |   The point of the "idle timeout" for connections is to kill the connection a while after it has no more circuits. But using "last added a non-padding cell" as a proxy for that is wrong, since if the last circuit is closed from the other side of the connection, we will not have sent anything on that connection since well before the last circuit closed. This is part of fixing 6799. When applied to 0.2.5, it is also a fix for 12023.
| * | Give each or_connection_t a slightly randomized idle_timeout (Nick Mathewson, 2014-06-11)
| | |   Instead of killing an or_connection_t that has had no circuits for the last 3 minutes, give every or_connection_t a randomized timeout, so that an observer can't so easily infer from the connection close time the time at which its last circuit closed. Also, increase the base timeout for canonical connections from 3 minutes to 15 minutes. Fix for ticket 6799.
| * | Deliver circuit handshake counts as part of the heartbeat (Nick Mathewson, 2014-02-06)
| | |   Previously, they went out once an hour, unconditionally. Fixes 10485; bugfix on 0.2.4.17-rc.
* | | Merge remote-tracking branch 'public/bug11970' (Nick Mathewson, 2014-06-11)
|\ \ \
| * | | sandbox: revamp sandbox_getaddrinfo caching (Nick Mathewson, 2014-05-22)
| | | |   The old cache had problems:
| | | |     * It needed to be manually preloaded. (It didn't remember any address you didn't tell it to remember)
| | | |     * It was AF_INET only.
| | | |     * It looked at its cache even if the sandbox wasn't turned on.
| | | |     * It couldn't remember errors.
| | | |     * It had some memory management problems. (You can't use memcpy to copy an addrinfo safely; it has pointers in.)
| | | |   This patch fixes those issues, and moves to a hash table. Fixes bug 11970; bugfix on 0.2.5.1-alpha.
* | | | Don't try to fetch bridge descriptors when DisableNetwork is set (Nick Mathewson, 2014-06-02)
| | | |   Patch from Roger; changes file by me. Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was introduced.
* | | | sandbox: Allow DirPortFrontPage unconditionally if it's set (Nick Mathewson, 2014-05-27)
| | | |   fixes 12114; bug not in any release. Improves fix for 12028
* | | | sandbox: Correct fix for hs part of 12064 (Nick Mathewson, 2014-05-23)
| | | |   Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
* | | | Merge branch 'bug11965_v2' (Nick Mathewson, 2014-05-23)
|\ \ \ \
| * | | | Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork (Nick Mathewson, 2014-05-23)
| | | | |   Without this fix, when running with bridges, we would try fetching directory info far too early, and have up to a 60 second delay if we started with bridge descriptors available. Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
* | | | | sandbox: allow reading of hidden service configuration files. (Nick Mathewson, 2014-05-22)
| | | | |   fixes part of 12064
* | | | | sandbox: allow access to cookie files, approved-routers (Nick Mathewson, 2014-05-22)
| | | | |   fixes part of 12064
* | | | | sandbox: allow access to various stats/*-stats files (Michael Wolf, 2014-05-22)
| |/ / /
|/| | |
| | | |   Fix for 12064 part 1
* | | | Merge remote-tracking branch 'andrea/bug11476' (Nick Mathewson, 2014-05-22)
|\ \ \ \
| |/ / /
|/| | |
| * | | Add --disable-mempools configure option (Andrea Shepard, 2014-05-12)
| | |/
| |/|
* | | fix a wide line (Nick Mathewson, 2014-05-20)
| | |
* | | sandbox: support logfile rotation (Nick Mathewson, 2014-05-20)
| | |   Fixes bug 12032; bugfix on 0.2.5.1-alpha
* | | sandbox: tolerate reloading with DirPortFrontPage set (Nick Mathewson, 2014-05-20)
| | |   Also, don't tolerate changing DirPortFrontPage. Fixes bug 12028; bugfix on 0.2.5.1-alpha.
* | | sandbox: Permit access to stats/dirreq-stats (Nick Mathewson, 2014-05-20)
| | |   This prevents a crash when rotating logs with dirreq-stats enabled
| | |   fixes 12035; bugfix on 0.2.5.1-alpha.
* | | Oops; permit rename with the correct filename (Nick Mathewson, 2014-05-20)
| | |
* | | Sandbox: allow access to stats/bridge-stats (Nick Mathewson, 2014-05-20)
| | |   Fix for 12041; bugfix on 0.2.5.1-alpha.
* | | Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid() (Nick Mathewson, 2014-05-14)
| | |   We'll use these to deal with being unable to access the user DB after we install the sandbox, to fix bug 11946.
* | | Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long. (dana koch, 2014-05-11)
| | |   On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain implicit treatment of long and time_t as comparable types, so explicitly cast to time_t.
* | | Don't start sandbox except for CMD_RUN_TOR (Nick Mathewson, 2014-05-05)
|/ /
| |   This was crashing on --verify-config in the debian startup script, if you had sandboxing enabled. Fixes 11609; fix on 0.2.5.1-alpha.
* | Merge branch 'bug11396_v2_squashed' (Nick Mathewson, 2014-04-24)
|\ \
| | |   Conflicts: src/or/main.c
| * | get_total_system_memory(): see how much RAM we have (Nick Mathewson, 2014-04-24)
| | |
* | | Allow reloading torrc and writing to router-stability (Nick Mathewson, 2014-04-16)
| | |
* | | Add a couple of missing renames so the server sandbox works again (Nick Mathewson, 2014-04-16)
| | |
* | | Get Libevent's PRNG functioning under the linux sandbox (Nick Mathewson, 2014-04-16)
| | |   Libevent uses an arc4random implementation (I know, I know) to generate DNS transaction IDs and capitalization. But it liked to initialize it either with opening /dev/urandom (which won't work under the sandbox if it doesn't use the right pointer), or with sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}). To make _that_ work, we were permitting sysctl unconditionally. That's not such a great idea. Instead, we try to initialize the libevent PRNG _before_ installing the sandbox, and make sysctl always fail with EPERM under the sandbox.
* | | Drop 'fr' parameter from sandbox code. (Nick Mathewson, 2014-04-16)
| | |   Apparently, the majority of the filenames we pass to sandbox_cfg_allow() functions are "freeable right after". So, consider _all_ of them safe-to-steal, and add a tor_strdup() in the few cases that aren't. (Maybe buggy; revise when I can test.)
* | | Remove nonsensical exec permission from sandbox code. (Nick Mathewson, 2014-04-16)
| | |
* | | Add 'rename' to the sandboxed syscalls (Nick Mathewson, 2014-04-16)
| | |   (If we don't restrict rename, there's not much point in restricting open, since an attacker could always use rename to make us open whatever they want.)
* | | Fix some initial sandbox issues. (Nick Mathewson, 2014-04-16)
| | |   Allow files that weren't in the list; Allow the _sysctl syscall; allow accept4 with CLOEXEC and NONBLOCK.
* | | Uplift status.c unit test coverage with new test cases and macros. (dana koch, 2014-04-15)
| | |   A new set of unit test cases are provided, as well as introducing an alternative paradigm and macros to support it. Primarily, each test case is given its own namespace, in order to isolate tests from each other. We do this in the usual fashion, by appending module and submodule names to our symbols. New macros assist by reducing friction for this and other tasks, like overriding a function in the global namespace with one in the current namespace, or declaring integer variables to assist tracking how many times a mock has been called. A set of tests for a small-scale module has been included in this commit, in order to highlight how the paradigm can be used. This suite gives 100% coverage to status.c in test execution.
* | | Demote "we stalled too much while trying to write" message to INFO (Nick Mathewson, 2014-04-09)
| | |   Resolves ticket 5286.
* | | Check for new IP addr after circuit liveliness returns (Matthew Finkel, 2014-04-08)
|/ /
| |   When we successfully create a usable circuit after it previously timed out for a certain amount of time, we should make sure that our public IP address hasn't changed and update our descriptor.
* | Merge branch 'bug8787_squashed' (Nick Mathewson, 2014-03-31)
|\ \
| * | Always check returns from unlink() (Andrea Shepard, 2014-03-31)
| | |
* | | Fix warnings from doxygen (Nick Mathewson, 2014-03-25)
|/ /
| |   Most of these are simple. The only nontrivial part is that our pattern for using ENUM_BF was confusing doxygen by making declarations that didn't look like declarations.
* | Merge remote-tracking branch 'arma/ticket5528' (Nick Mathewson, 2014-03-05)
|\ \
| | |   Conflicts: src/or/router.c src/test/test_dir.c
| * | use router->addr for log messages and controller events (Roger Dingledine, 2013-02-09)
| | |   (rather than router->address)
* | | Write hashed bridge fingerprint to logs and to disk. (Karsten Loesing, 2014-02-28)
| | |   Implements #10884.
* | | When not an exit node, don't test for DNS hijacking. (Nick Mathewson, 2014-02-21)
| | |   Back in 5e762e6a5c0e6729bb7dbb586af2690c087d9ba8, non-exit servers stopped launching DNS requests for users. So there's no need for them to see if their DNS answers are hijacked. Patch from Matt Pagan. I think this is a 965 fix.
* | | Merge branch 'bug4900_siphash_v2' (Nick Mathewson, 2014-02-15)
|\ \ \
| * | | Split crypto_global_init() into pre/post config (Nick Mathewson, 2014-02-12)
| | | |   It's increasingly apparent that we want to make sure we initialize our PRNG nice and early, or else OpenSSL will do it for us. (OpenSSL doesn't do _too_ bad a job, but it's nice to do it ourselves.) We'll also need this for making sure we initialize the siphash key before we do any hashes.