| Commit message | Author | Age |
... | |
| * | | Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.
One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.
This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
| Sebastian Hahn | 2011-01-15 |
* | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-15 |
|\| | |
|
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-01-15 |
| |\| |
|
| | * | Merge branch 'bug2352_obsize' into maint-0.2.1 | Nick Mathewson | 2011-01-15 |
| | |\ |
|
| | | * | catch another overlong malloc possibility. found by cypherpunks | Nick Mathewson | 2011-01-15 |
| | | * | Impose maximum sizes on parsed objects
An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document. Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX. As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit. I'm also fixing the INT_MAX checks, just to be sure.
| Nick Mathewson | 2011-01-10 |
| | | * | Add logic in routerparse to not read overlong private keys
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
| Nick Mathewson | 2011-01-10 |
* | | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-15 |
|\| | | |
|
| * | | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
src/or/config.c
src/or/networkstatus.c
src/or/rendcommon.c
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-01-15 |
| |\| | |
|
| | * | | Fix a heap overflow found by debuger, and make it harder to make that mistake...
Our public key functions assumed that they were always writing into a
large enough buffer. In one case, they weren't.
(Incorporates fixes from sebastian)
| Nick Mathewson | 2011-01-15 |
| | |/ |
|
| | * | fix whitespace issues | Nick Mathewson | 2011-01-03 |
* | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-03 |
|\| | |
|
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| |\| |
|
| | * | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
* | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2010-11-10 |
|\| | |
|
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2010-11-10 |
| |\| |
|
| | * | Enforce multiplicity rules when parsing annotations.
We would never actually enforce multiplicity rules when parsing
annotations, since the counts array never got entries added to it for
annotations in the token list that got added by earlier calls to
tokenize_string.
Found by piebeer.
| Nick Mathewson | 2010-11-10 |
| | * | Fix a bug where setting allow_annotations==0 only ignores annotations, but doe... | Nick Mathewson | 2010-11-10 |
* | | | Implement policies for nodes (and for microdescriptors too) | Nick Mathewson | 2010-10-01 |
* | | | Rename routerstatus_t.is_running to is_flagged_running
This was the only flag in routerstatus_t that we would previously
change in a routerstatus_t in a consensus. We no longer have reason
to do so -- and probably never did -- as you can now confirm more
easily than you could have done by grepping for is_running before
this patch.
The name change is to emphasize that the routerstatus_t is_running
flag is only there to tell you whether the consensus says it's
running, not whether *you* think it's running.
| Nick Mathewson | 2010-10-01 |
* | | | Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
| Nick Mathewson | 2010-10-01 |
* | | | Remove the has_old_dnsworkers flag. | Nick Mathewson | 2010-09-28 |
* | | | Actually parse the m lines from a microdesc consensus | Nick Mathewson | 2010-09-27 |
|/ / |
|
* | | Create routerparse.h | Sebastian Hahn | 2010-07-27 |
* | | Create rephist.h | Sebastian Hahn | 2010-07-27 |
* | | Create policies.h | Sebastian Hahn | 2010-07-27 |
* | | Create networkstatus.h | Sebastian Hahn | 2010-07-27 |
* | | Create microdesc.h | Sebastian Hahn | 2010-07-27 |
* | | Create dirvote.h | Sebastian Hahn | 2010-07-27 |
* | | Create dirserv.h | Sebastian Hahn | 2010-07-27 |
* | | Create config.h | Sebastian Hahn | 2010-07-27 |
* | | Create rendcommon.h | Sebastian Hahn | 2010-07-27 |
* | | Create routerlist.h | Sebastian Hahn | 2010-07-27 |
* | | Create router.h | Sebastian Hahn | 2010-07-27 |
* | | Merge branch 'fix_routerparse_bug' | Nick Mathewson | 2010-02-28 |
|\ \ |
|
| * | | Fix a consensus-extension bug found by outofwords
When the bandwidth-weights branch added the "directory-footer"
token, and began parsing the directory footer at the first
occurrence of "directory-footer", it made it possible to fool the
parsing algorithm into accepting unsigned data at the end of a
consensus or vote. This patch fixes that bug by treating the footer
as starting with the first "directory-footer" or the first
"directory-signature", whichever comes first.
| Nick Mathewson | 2010-02-27 |
* | | | Merge remote branch 'origin/maint-0.2.1'
Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2010-02-27 |
|\ \ \
| |/ /
|/| /
| |/ |
|
| * | Update Tor Project copyright years | Nick Mathewson | 2010-02-27 |
* | | fix some wide lines in routerparse.c | Nick Mathewson | 2010-02-27 |
* | | Merge remote branch 'origin/maint-0.2.1'
Conflicts:
ChangeLog
src/or/routerparse.c
| Nick Mathewson | 2010-02-27 |
|\| |
|
| * | Properly handle non-terminated strings
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.
Discovered by rieo.
| Sebastian Hahn | 2010-02-27 |
| * | Code to parse and access network parameters.
Partial backport of 381766ce4b1145460.
Partial backport of 56c6d78520a98fb64.
| Nick Mathewson | 2009-10-14 |
* | | Don't segfault when checking the consensus | Sebastian Hahn | 2010-02-26 |
* | | Don't believe unauthenticated info in a consensus.
Don't allow anything but directory-signature tokens in a consensus after
the first directory-signature token. Fixes bug in bandwidth-weights branch.
Found by "outofwords."
| Nick Mathewson | 2010-02-26 |
* | | Fix 64-bit printf issues in consensus-bw-weights5-merge.
For my 64-bit Linux system running with GCC 4.4.3-fc12-whatever, you
can't do 'printf("%lld", (int64_t)x);' Instead you need to tell the
compiler 'printf("%lld", (long long int)x);' or else it doesn't
believe the types match. This is why we added U64_PRINTF_ARG; it
looks like we needed an I64_PRINTF_ARG too.
| Nick Mathewson | 2010-02-25 |
* | | Clearly mark directory footer so we parse the new weight line. | Mike Perry | 2010-02-22 |
* | | Add parsing+verification for bw weight values. | Mike Perry | 2010-02-22 |
* | | network-status-version must come first in a vote/consensus
Spec conformance issue: The code didn't force the network-status-version
token to be the first token in a v3 vote or consensus.
Problem discovered by Parakeep.
| Sebastian Hahn | 2010-02-22 |
* | | Remove duplicate words and a duplicate newline. | Karsten Loesing | 2009-12-18 |
* | | Now that FOO_free(NULL) always works, remove checks before calling it. | Nick Mathewson | 2009-12-12 |