aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Fix memory leaks in test_cntev_append_cell_statsNick Mathewson2014-04-26
|
* fix uninitialized memory reads from test_geoip_with_pt. Found with valgrindNick Mathewson2014-04-26
|
* Fix memory leak in test_geoipNick Mathewson2014-04-26
|
* Fix memory leak in test_onion_queuesNick Mathewson2014-04-26
|
* Fix memory leaks in test_circuit_timeoutNick Mathewson2014-04-26
| | | | Found with valgrind.
* resolve a typo: sanboxing->sandboxing.Nick Mathewson2014-04-25
|
* Bump version to 0.2.5.4-alpha.Nick Mathewson2014-04-25
| | | | Probably releasing within ~22 hours, pending testing
* fix memory leak in dump_exit_policy_to_string testsNick Mathewson2014-04-25
|
* Merge branch 'scanbuild_fixes'Nick Mathewson2014-04-25
|\
| * scan-build: memarea_strndup() undefined behaviorNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | The memarea_strndup() function would have hit undefined behavior by creating an 'end' pointer off the end of a string if it had ever been given an 'n' argument bigger than the length of the memory ares that it's scanning. Fortunately, we never did that except in the unit tests. But it's not a safe behavior to leave lying around.
| * scan-build: avoid undef behaior in tor_inet_ptonNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | If we had an address of the form "1.2.3.4" and we tried to pass it to tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to briefly move backwards to the point before the start of the string, before we moved it right back to the start of the string. C doesn't allow that, and though we haven't yet hit a compiler that decided to nuke us in response, it's best to fix. So, be more explicit about requiring there to be a : before any IPv4 address part of the IPv6 address. We would have rejected addresses without a : for not being IPv6 later on anyway.
| * scan-build: sizeof(ptr*) in a debugging log in ext_orport.cNick Mathewson2014-04-19
| | | | | | | | | | | | Instead of taking the length of a buffer, we were taking the length of a pointer, so that our debugging log would cover only the first sizeof(void*) bytes of the client nonce.
| * scan-build: Fix harmless sizeof(ptr) in test_oom.cNick Mathewson2014-04-19
| | | | | | | | | | We meant to using random bytes to fill a buffer, up to 3000 at a time. Instead we were taking them sizeof(void*) at a time.
| * scan-build: close stdio FILEs on error in tor-gencertNick Mathewson2014-04-19
| | | | | | | | | | This is harmless, since tor-gencert exits right afterwards, but it's best to clean up after ourselves.
| * scan-build: truncate tinytest hexified outputs to 1024 bytes.Nick Mathewson2014-04-19
| | | | | | | | | | | | scan-build didn't like the unlimited version since we might need to overflow size_t to hexify a string that took up half our address space. (!)
| * scan-build: limit hashtable size so it always fits in SSIZE_MAXNick Mathewson2014-04-19
| | | | | | | | | | | | | | | | | | | | | | | | scan-build recognizes that in theory there could be a numeric overflow here. This can't numeric overflow can't trigger IRL, since in order to fill a hash table with more than P=402653189 buckets with a reasonable load factor of 0.5, we'd first have P/2 malloced objects to put in it--- and each of those would have to take take at least sizeof(void*) worth of malloc overhead plus sizeof(void*) content, which would run you out of address space anyway on a 32-bit system.
| * scan-build: bulletproof last-chance errormsg generation in rendservice.cNick Mathewson2014-04-18
| | | | | | | | | | | | | | If 'intro' is NULL in these functions, I'm pretty sure that the error message must be set before we hit the end. But scan-build doesn't notice that, and is worried that we'll do a null-pointer dereference in the last-chance errormsg generation.
| * scan-build: Have clear_pending_onions walk the lists more obviouslyNick Mathewson2014-04-18
| | | | | | | | | | | | | | As it stands, it relies on the fact that onion_queue_entry_remove will magically remove each onionskin from the right list. This patch changes the logic to be more resilient to possible bugs in onion_queue_entry_remove, and less confusing to static analysis tools.
| * scan-build: in cpuworker, initialize tv_startNick Mathewson2014-04-18
| | | | | | | | | | | | | | scan-build doesn't realize that a request can't be timed at the end unless it's timed at the start, and so it's not possible for us to be subtracting start from end without start being set. Nevertheless, let's not confuse it.
| * scan-build: get_proxy_addrport should always set its outputsNick Mathewson2014-04-18
| | | | | | | | | | | | | | When get_proxy_addrport returned PROXY_NONE, it would leave addr/port unset. This is inconsistent, and could (if we used the function in a stupid way) lead to undefined behavior. Bugfix on 5b050a9b0, though I don't think it affects tor-as-it-is.
| * scan-build: when logging a path length, check build_state.Nick Mathewson2014-04-18
| | | | | | | | | | | | Throughout circuituse, when we log about a circuit, we log its desired path length from build_state. scan-build is irrationally concerned that build_state might be NULL.
| * scan-build: Be consistent with a needless check in circuitmux.cNick Mathewson2014-04-18
| | | | | | | | | | | | | | | | | | In circuitmux_detach_all_circuits, we check whether an HT iterator gives us NULL. That should be impossible for an HT iterator. But our checking it has confused scan-build (justly) into thinking that our later use of HT_NEXT_RMV might not be kosher. I'm taking the coward's route here and strengthening the check. Bugfix on fd31dd44. (Not a real bug though)
| * scan-build: fix a crash-on-fail possibility in test_policy.cNick Mathewson2014-04-18
| |
| * scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purposeNick Mathewson2014-04-18
| | | | | | | | | | | | | | If we fail in circuit_get_by_rend_token_and_purpose because the circuit has no rend_info, don't try to reference fiends from its rend_info when logging an error. Bugfix on 8b9a2cb68, which is going into Tor 0.2.5.4-alpha.
| * scan-build: circuit_cpath_support_ntor had a dead initializationNick Mathewson2014-04-18
| | | | | | | | We were initializing cpath twice, which doesn't make sense.
| * scan-build: check impossible null-pointer case in buffers.cNick Mathewson2014-04-18
| | | | | | | | | | | | When maintaining buffer freelists, we don't skip more than there are, so (*chp) can't be null to begin with. scan-build has no way to know that.
| * scan-build: Add a check for result from getaddrinfoNick Mathewson2014-04-18
| | | | | | | | | | | | As documented, getaddrinfo always sets its result when it returns no error. But scan-build doesn't know that, and thinks we might be def
* | whitespace fixNick Mathewson2014-04-24
| |
* | Merge remote-tracking branch 'public/bug11553_025'Nick Mathewson2014-04-24
|\ \
| * \ Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-23
| |\ \ | | | | | | | | | | | | | | | | Conflicts: src/or/circuitbuild.c
| | * | Improvements to #11553 fix based on reviewNick Mathewson2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a per-channel ratelim_t to control the rate at which we report failures for each channel. Explain why I picked N=32. Never return a zero circID. Thanks to Andrea and to cypherpunks.
| * | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| |
| | * | Add a rate-limiter for the other circuitID exhaustion warningNick Mathewson2014-04-18
| | | |
| * | | Diagnostic warning to see if it's pending destroys causing 11553Nick Mathewson2014-04-18
| | | |
| * | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| | | | | | | | | | | | | | | | | | Conflicts: src/or/channel.h
| | * | Switch to random allocation on circuitIDs.Nick Mathewson2014-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a possible root cause of 11553 by only making 64 attempts at most to pick a circuitID. Previously, we would test every possible circuit ID until we found one or ran out. This algorithm succeeds probabilistically. As the comment says: This potentially causes us to give up early if our circuit ID space is nearly full. If we have N circuit IDs in use, then we will reject a new circuit with probability (N / max_range) ^ MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent of our circuit ID capacity will go unused. The alternative here, though, is to do a linear search over the whole circuit ID space every time we extend a circuit, which is not so great either. This makes new vs old clients distinguishable, so we should try to batch it with other patches that do that, like 11438.
| | * | Supply better and less frequent warnings on circID exhaustionNick Mathewson2014-04-18
| | | | | | | | | | | | | | | | Fixes the surface behavior of #11553
* | | | Merge branch 'bug11396_v2_squashed'Nick Mathewson2014-04-24
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/main.c
| * | | | Expose the real maxmeminqueues via a GETINFONick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | That is, GETINFO limits/max-mem-in-queues
| * | | | Change the logic for the default for MaxMemInQueuesNick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we can't detect the physical memory, the new default is 8 GB on 64-bit architectures, and 1 GB on 32-bit architectures. If we *can* detect the physical memory, the new default is CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT) where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit architectures. You can still override the default by hand. The logic here is simply trying to choose a lower default value on systems with less than 12 GB of physical RAM.
| * | | | get_total_system_memory(): see how much RAM we haveNick Mathewson2014-04-24
| | | | |
* | | | | Merge remote-tracking branch 'public/bug10268'Nick Mathewson2014-04-23
|\ \ \ \ \
| * | | | | Give no answer, not NOTIMPL, for unsupported DNS query typesNick Mathewson2014-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to reports, most programs degrade somewhat gracefully on getting no answer for an MX or a CERT for www.example.com, but many flip out completely on a NOTIMPL error. Also, treat a QTYPE_ALL query as just asking for an A record. The real fix here is to implement proposal 219 or something like it. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Based on a patch from "epoch".
* | | | | | Merge remote-tracking branch 'public/bug11200'Nick Mathewson2014-04-23
|\ \ \ \ \ \
| * | | | | | should_disable_dir_fetches() now returns 1 if DisableNetwork==1Nick Mathewson2014-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change prevents LD_BUG warnings and bootstrap failure messages when we try to do directory fetches when starting with DisableNetwork == 1, a consensus present, but no descriptors (or insufficient descriptors) yet. Fixes bug 11200 and bug 10405. It's a bugfix on 0.2.3.9-alpha. Thanks to mcs for walking me through the repro instructions!
* | | | | | | Merge branch 'bug11156_issue2_squashed'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \
| * | | | | | | Slightly improve the documentation of src/or/transports.cGeorge Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make it clear that a SIGHUP is not the only action that can cause a config re-read.
| * | | | | | | Rename the got_hup element of managed proxies.George Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we need to toggle that element in non-SIGHUP situations too where the config was re-read (like in SETCONF or RESETCONF).
| * | | | | | | Don't halt bootstrap to figure out if we should restart PT proxies.George Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead, figure out if we should restart PT proxies _immediately_ after we re-read the config file.
* | | | | | | | Merge remote-tracking branch 'public/bug9229_025'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/entrynodes.c