| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
|
| | |
|
| |
|
|
| |
Implements part of feature 3049.
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clients and relays haven't used them since early 0.2.0.x. The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.
We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.
This fixes bug 3022.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Found by using clang's analyzer.
|
| | |
| |
| |
| | |
Issue discovered using clang's static analyzer
|
| | |
| |
| |
| |
| |
| | |
Make that explicit by adding an assert and removing a null-check. All of
its callers currently depend on the argument being non-null anyway.
Silences a few clang complaints.
|
| | |
| |
| |
| |
| | |
This possible div by 0 warning from clang's analyzer was quite fun to
track down. Turns out the current behaviour is safe.
|
| | |
| |
| |
| |
| |
| |
| | |
The analyzer assumed that bootstrap_percent could be less than 0 when we
call control_event_bootstrap_problem(), which would mean we're calling
log_fn() with undefined values. The assert makes it clear this can't
happen.
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Fixes bug 3106.
|
| |\ \ \
| |/ /
|/| | |
|
| | | | |
|
| |/ /
| |
| |
| | |
Trivial fix for 3079.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Previously we ensured that it would get called periodically by doing
it from inside the code that added microdescriptors. That won't work
though: it would interfere with our code that tried to read microdescs
from disk initially. Instead, we should consider rebuilding the cache
periodically, and on startup.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously on 0.2.2, we'd never clean the cache. Now that we can
clean it, we want to add a condition to rebuild it: that should happen
whenever we have dropped enough microdescriptors that we could save a
lot of space.
No changes file, since 0.2.3 doesn't need one and 0.2.2 already has some
changes files for the backport of the microdesc_clean_cahce() function.
|
| | |
| |
| |
| |
| | |
Otherwise we have no way to keep authorities' microdesc caches in 0.2.2
from growing without bound.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This could be one reason that authorities' journals would grow without
bound; related to bug 2230. Bugfix on 0.2.2.6-alpha. Fix by
"cypherpunks".
|
| | | |
|
| |\ \ |
|
| | | | |
|
| |\ \ \
| |/ /
|/| | |
|
| | | | |
|
| | | | |
|
| | | | | |
| | \ \ | |
| |\ \ \ \
| | | | |
| | | | |
| | | | | |
maint-0.2.2
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
service directories with non-open dir port."
This reverts commit 9a7098487b2c25f36112b3521758f42621dcd6af.
Conflicts:
ChangeLog (left unchanged by this commit)
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Fix bug 3020.
|
| |/ / / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0. This would give false
positives, which were not previously harmful... but which were about
to become.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses. Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost. That would be bad.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These functions can return NULL for otherwise-valid values of
time_t. Notably, the glibc gmtime manpage says it can return NULL
if the year if greater than INT_MAX, and the windows MSDN gmtime
page says it can return NULL for negative time_t values.
Also, our formatting code is not guaranteed to correctly handle
years after 9999 CE.
This patch tries to correct this by detecting NULL values from
gmtime/localtime_r, and trying to clip them to a reasonable end of
the scale. If they are in the middle of the scale, we call it a
downright error.
Arguably, it's a bug to get out-of-bounds dates like this to begin
with. But we've had bugs of this kind in the past, and warning when
we see a bug is much kinder than doing a NULL-pointer dereference.
Boboper found this one too.
|
| |\ \ \ \ |
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some tor relays would report lines like these in their extrainfo
documents:
dirreq-write-history 2011-03-14 16:46:44 (900 s)
This was confusing to some people who look at the stats. It would happen
whenever a relay first starts up, or when a relay has dirport disabled.
Change this so that lines without actual bw entries are omitted.
Implements ticket 2497.
|
| | | | | |
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | |
| | | | |
Conflicts:
src/or/or.h
src/or/rendclient.c
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
|