| Commit message (Expand) | Author | Age |
|---|
| * | Merge remote branch 'origin/maint-0.2.2' for bug 1859 patches•••Some of this is already done in nodelist.
| Nick Mathewson | 2010-10-21 |
| |\ |
|
| | * | Fix a remaining bug in Robert's bug1859 fix.•••When intro->extend_info is created for an introduction point, it
only starts out with a nickname, not necessarily an identity digest.
Thus, doing router_get_by_digest isn't necessarily safe.
| Nick Mathewson | 2010-10-21 |
| | * | Issues with router_get_by_nickname()•••https://trac.torproject.org/projects/tor/ticket/1859
Use router_get_by_digest() instead of router_get_by_hexdigest()
in circuit_discard_optional_exit_enclaves() and
rend_client_get_random_intro(), per Nick's comments.
Using router_get_by_digest() in rend_client_get_random_intro() will
break hidden services published by Tor versions pre 0.1.2.18 and
0.2.07-alpha as they only publish by nickname. This is acceptable
however as these versions only publish to authority tor26 and
don't work for versions in the 0.2.2.x series anyway.
| Robert Hogan | 2010-10-17 |
| | * | Issues with router_get_by_nickname()•••https://trac.torproject.org/projects/tor/ticket/1859
There are two problems in this bug:
1. When an OP makes a .exit request specifying itself as the exit, and the exit
is not yet listed, Tor gets all the routerinfos needed for the circuit but
discovers in circuit_is_acceptable() that its own routerinfo is not in the
routerdigest list and cannot be used. Tor then gets locked in a cycle of
repeating these two steps. When gathering the routerinfos for a circuit,
specifically when the exit has been chosen by .exit notation, Tor needs to
apply the same rules it uses later on when deciding if it can build a
circuit with those routerinfos.
2. A different bug arises in the above situation when the Tor instance's
routerinfo *is* listed in the routerlist, it shares its nickname with a
number of other Tor nodes, and it does not have 'Named' rights to its
nickname.
So for example, if (i) there are five nodes named Bob in the network, (ii) I
am running one of them but am flagged as 'Unnamed' because someone else
claimed the 'Bob' nickname first, and (iii) I run my Tor as both client
and exit the following can happen to me:
- I go to www.evil.com
- I click on a link www.evil.com.bob.exit
- My request will exit through my own Tor node rather than the 'Named'
node Bob or any of the others.
- www.evil.com now knows I am actually browsing from the same computer
that is running my 'Bob' node
So to solve both issues we need to ensure:
- When fulfilling a .exit request we only choose a routerinfo if it exists in
the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router information
if it is not going to be used for building a circuit.
We ensure this by removing the special treatment afforded our own router in
router_get_by_nickname(). This means the function will only return the
routerinfo of our own router if it is in the routerlist built from authority
info and has a unique nickname or is bound to a non-unique nickname.
There are some uses of router_get_by_nickname() where we are looking for the
router by name because of a configuration directive, specifically local
declaration of NodeFamilies and EntryNodes and other routers' declaration of
MyFamily. In these cases it is not at first clear if we need to continue
returning our own routerinfo even if our router is not listed and/or has a
non-unique nickname with the Unnamed flag.
The patch treats each of these cases as follows:
Other Routers' Declaration of MyFamily
This happens in routerlist_add_family(). If another router declares our router
in its family and our router has the Unnamed flag or is not in the routerlist
yet, should we take advantage of the fact that we know our own routerinfo to
add us in anyway? This patch says 'no, treat our own router just like any
other'. This is a safe choice because it ensures our client has the same view
of the network as other clients. We also have no good way of knowing if our
router is Named or not independently of the authorities, so we have to rely on
them in this.
Local declaration of NodeFamilies
Again, we have no way of knowing if the declaration 'NodeFamilies
Bob,Alice,Ringo' refers to our router Bob or the Named router Bob, so we have
to defer to the authorities and treat our own router like any other.
Local declaration of NodeFamilies
Again, same as above. There's also no good reason we would want our client to
choose it's own router as an entry guard if it does not meet the requirements
expected of any other router on the network.
In order to reduce the possibility of error, the patch also replaces two
instances where we were using router_get_by_nickname() with calls to
router_get_by_hexdigest() where the identity digest of the router
is available.
| Robert Hogan | 2010-10-13 |
| * | | Rename router_get_by_digest()•••We now call the function router_get_by_id_digest() to make clear that
we're talking about the identity digest here, not descriptor digest.
| Sebastian Hahn | 2010-10-14 |
| * | | Initial conversion to use node_t throughout our codebase.•••A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
| Nick Mathewson | 2010-10-01 |
| * | | Try to make most routerinfo_t interfaces const | Nick Mathewson | 2010-10-01 |
| |/ |
|
| * | Fix misplaced labels | Sebastian Hahn | 2010-08-16 |
| * | Create rephist.h | Sebastian Hahn | 2010-07-27 |
| * | Create relay.h | Sebastian Hahn | 2010-07-27 |
| * | Create main.h | Sebastian Hahn | 2010-07-27 |
| * | Create directory.h | Sebastian Hahn | 2010-07-27 |
| * | Create connection_edge.h | Sebastian Hahn | 2010-07-27 |
| * | Create connection.h | Sebastian Hahn | 2010-07-27 |
| * | Create config.h | Sebastian Hahn | 2010-07-27 |
| * | Create circuituse.h | Sebastian Hahn | 2010-07-27 |
| * | Create circuitlist.h | Sebastian Hahn | 2010-07-27 |
| * | Create circuitbuild.h | Sebastian Hahn | 2010-07-27 |
| * | Create rendclient.h | Sebastian Hahn | 2010-07-27 |
| * | Create rendcommon.h | Sebastian Hahn | 2010-07-27 |
| * | Create routerlist.h | Sebastian Hahn | 2010-07-27 |
| * | Merge remote branch 'origin/maint-0.2.1'•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2010-02-27 |
| |\ |
|
| | * | Update Tor Project copyright years | Nick Mathewson | 2010-02-27 |
| * | | Merge commit 'origin/maint-0.2.1' | Nick Mathewson | 2010-02-07 |
| |\| |
|
| | * | lookup_last_hid_serv_request() could overflow and leak memory•••The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
| Sebastian Hahn | 2010-02-07 |
| | * | read the "circwindow" parameter from the consensus•••backport of c43859c5c12361fad505
backport of 0d13e0ed145f4c1b5bd1
| Roger Dingledine | 2009-10-14 |
| | * | Merge commit 'karsten/fix-1073' into maint-0.2.1 | Nick Mathewson | 2009-09-16 |
| | |\ |
|
| | | * | Reduce log level for bug case that we now know really exists. | Karsten Loesing | 2009-09-01 |
| | | * | Avoid segfault when accessing hidden service. | Karsten Loesing | 2009-08-29 |
| * | | | Merge branch 'safelogging2'•••Conflicts:
ChangeLog
| Nick Mathewson | 2009-12-15 |
| |\ \ \ |
|
| | * | | | Refactor the safe_str_*() API to make more sense.•••The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log." safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
| Nick Mathewson | 2009-12-15 |
| | * | | | Allow SafeLogging to exclude client related information | Sebastian Hahn | 2009-12-12 |
| * | | | | Now that FOO_free(NULL) always works, remove checks before calling it. | Nick Mathewson | 2009-12-12 |
| |/ / / |
|
| * | | | Reduce log level for someone else sending us weak DH keys.•••See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
| Karsten Loesing | 2009-10-25 |
| * | | | downgrade a log severity, since this event has been known•••to happen and there's nothing the user can do about it
| Roger Dingledine | 2009-09-21 |
| * | | | a mish-mash of stuff in my sandbox | Roger Dingledine | 2009-09-17 |
| * | | | Read "circwindow=x" from the consensus and use it•••Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.
| Roger Dingledine | 2009-09-15 |
| * | | | Merge commit 'origin/maint-0.2.1' | Nick Mathewson | 2009-09-01 |
| |\| | |
|
| | * | | Fix compile warnings on Snow Leopard•••Big thanks to nickm and arma for helping me with this!
| Sebastian Hahn | 2009-09-01 |
| | |/ |
|
| * | | Merge commit 'origin/maint-0.2.1'•••[Didn't take Karsten's full bug 1024 workaround, since 0.2.2 doesn't
use v0 rend descs.]
| Nick Mathewson | 2009-07-02 |
| |\| |
|
| | * | Make an attempt to fix bug 1024.•••The internal error "could not find intro key" occurs when we want to send
an INTRODUCE1 cell over a recently finished introduction circuit and think
we built the introduction circuit with a v2 hidden service descriptor, but
cannot find the introduction key in our descriptor.
My first guess how we can end up in this situation is that we are wrong in
thinking that we built the introduction circuit based on a v2 hidden
service descriptor. This patch checks if we have a v0 descriptor, too, and
uses that instead.
| Karsten Loesing | 2009-07-02 |
| | * | Better fix for 997. | Karsten Loesing | 2009-06-19 |
| | * | Revert "Backport fix for bug 997."•••This reverts commit 3847f54945933a11d14053b80427f268ffcfd8ad.
| Karsten Loesing | 2009-06-19 |
| | * | Backport fix for bug 997.•••Backporting 6a32beb and ca8708a.
| Karsten Loesing | 2009-06-16 |
| * | | Fix more of bug 997.•••Fix refetching of hidden service descriptors when all introduction points
have turned out to not work.
| Karsten Loesing | 2009-06-13 |
| * | | Restore changes from f79688d that got lost somehow during a merge. | Karsten Loesing | 2009-06-12 |
| * | | Restore changes from Karsten's "Remove unused rendversion parameters".•••These were made undone by a merge.
| Nick Mathewson | 2009-05-28 |
| * | | Merge commit 'origin/maint-0.2.1' | Nick Mathewson | 2009-05-27 |
| |\| |
|
| | * | Spell-check Tor. | Nick Mathewson | 2009-05-27 |
| | * | Update copyright to 2009. | Karsten Loesing | 2009-05-04 |