| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
|
| |
|
|
|
|
| |
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.
Also fix a coding style violation.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occured because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We implemented ratelimiting for warnings going into the logfile, but didn't
rate-limit controller events. Now both log warnings and controller events
are rate-limited.
|
| |\ \ \ |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
It isn't necessary to walk through all possible subnets when the policy
we're looking at doesn't touch that subnet.
|
| | | | | |
|
| | |/ / |
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | | |
Also reword it slightly to reflect the fact that no packagers
ship the file.
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.
Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
When calculating the is_exit flag for a routerinfo_t, we don't need
to call exit_policy_is_general_exit() if router_exit_policy_rejects_all()
tells us it definitely is an exit. This check is much cheaper than
running exit_policy_is_general_exit().
|
| | | |
|
| | |
| |
| |
| |
| | |
Previously we were treating them as decent hostnames and sending them
to the exit, which is completely wrong.
|
| | |
| |
| |
| |
| | |
The original comment said what it did if there was at least one /8 that
allowed access to the port, but not what it did otherwise.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
exit_policy_is_general_exit() assumed that there are no redundancies
in the passed policy, in the sense that we actively combine entries
in the policy to really get rid of any redundancy. Since we cannot
do that without massively rewriting the policy lines the relay
operators set, fix exit_policy_is_general_exit().
Fixes bug 1238, discovered by Martin Kowalczyk.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.
For the ugly version, see my long comment in tortls.c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
May fix bug 1225.
[backported]
|
| | |
| |
| |
| |
| | |
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
May fix bug 1225.
|
| | |
| |
| |
| | |
rieo pointed out something isn't right here
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We accidentally freed the internal buffer for bridge stats when we
were writing the bridge stats file or honoring a control port
request for said data. Change the interfaces for
geoip_get_bridge_stats* to prevent these problems, and remove the
offending free/add a tor_strdup.
Fixes bug 1208.
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This was freaking out some relay operators without good reason, as
it is nothing the relay operator can do anything about anyways.
Quieting this warning suggested by rieo.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I believe that since we were allocating *cp while holding a mutex,
coverity deduced that *cp must be protected by that mutex, and later
flipped out when we didn't use it that way. If this is so, we can
solve our problems by moving the *cp = tor_strdup(buf) part outside of
the mutex-protected code.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's a bit confusing to have a loop where another function,
confusingly named "*_free", is responsible for advancing the loop
variable (or rather, for altering a structure so that the next time
the loop variable's initializer is evaluated it evaluates to something
different.)
Not only has this confused people: it's also confused coverity scan.
Let's fix that.
|
| |/ /
| |
| |
| | |
This might please coverity scan.
|
| | | |
|
| | |
| |
| |
| | |
Does not deal with error handling in dump_microdescriptor's callers.
|
| |\|
| |
| |
| |
| |
| |
| | |
Resolved conflicts in:
configure.in
src/or/Makefile.am
src/tools/Makefile.am
|
| | |
| |
| |
| |
| | |
These options only work when using --with-(openssl|libevent)-dir to
explicitly pick a libevent or openssl location.
|
| |\| |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We were checking for msg==NULL, but not lib or proc. This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.
Spotted by rieo on IRC.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The OutboundBindAddress option is useful for making sure that all of
your outbond connections use a given interface. But when connecting
to 127.0.0.1 (or ::1 even) it's important to actually have the
connection come _from_ localhost, since lots of programs running on
localhost use the source address to authenticate that the connection
is really coming from the same host.
Our old code always bound to OutboundBindAddress, whether connecting
to localhost or not. This would potentially break DNS servers on
localhost, and socks proxies on localhost. This patch changes the
behavior so that we only look at OutboundBindAddress when connecting
to a non-loopback address.
|
| | | |
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
ChangeLog
|
| | | |
|