| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|
|
|
|
|
|
| |
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0. This would give false
positives, which were not previously harmful... but which were about
to become.
|
| |
|
| |
|
|
|
|
|
|
|
| |
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses. Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost. That would be bad.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions can return NULL for otherwise-valid values of
time_t. Notably, the glibc gmtime manpage says it can return NULL
if the year if greater than INT_MAX, and the windows MSDN gmtime
page says it can return NULL for negative time_t values.
Also, our formatting code is not guaranteed to correctly handle
years after 9999 CE.
This patch tries to correct this by detecting NULL values from
gmtime/localtime_r, and trying to clip them to a reasonable end of
the scale. If they are in the middle of the scale, we call it a
downright error.
Arguably, it's a bug to get out-of-bounds dates like this to begin
with. But we've had bugs of this kind in the past, and warning when
we see a bug is much kinder than doing a NULL-pointer dereference.
Boboper found this one too.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some tor relays would report lines like these in their extrainfo
documents:
dirreq-write-history 2011-03-14 16:46:44 (900 s)
This was confusing to some people who look at the stats. It would happen
whenever a relay first starts up, or when a relay has dirport disabled.
Change this so that lines without actual bw entries are omitted.
Implements ticket 2497.
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | | |
Conflicts:
src/or/or.h
src/or/rendclient.c
|
| | |
| | |
| | |
| | |
| | | |
tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous
descriptor, while we were building the introduction-point circuit, we
would give up entirely on trying to connect to the hidden service.
Original patch by rransom slightly edited to go into 0.2.1
|
| | |
| | |
| | |
| | | |
i.e. without closing the AP connection.
|
| | | |
|
|\| |
| | |
| | |
| | |
| | | |
Conflicts:
src/common/torint.h
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.
Fixes bug2475.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, it would remove every trackhostexits-derived mapping
*from* xyz.<exitname>.exit; it was supposed to remove every
trackhostexits-derived mapping *to* xyz.<exitname>.exit.
Bugfix on 0.2.0.20-rc: fixes an XXX020 added while staring at bug-1090
issues.
|
| | |
| | |
| | |
| | | |
(still not happy.)
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
ones
|
| | |
| | |
| | |
| | |
| | | |
these still aren't perfect, but we won't know how to correct them until
we start experiencing surprised users.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now we believe it to be the case that we never build a circuit for our
stream that has an unsuitable exit, so we'll never need to use such
a circuit. The risk is that we have some code that builds the circuit,
but now we refuse to use it, meaning we just build a bazillion circuits
and ignore them all.
|
| | |
| | |
| | |
| | |
| | | |
We had a circuit_purpose_to_controller_string() function, but it was
pretty coarse-grained and didn't try to be human-readable.
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Also add a request to report any cases where we are not honoring
StrictNodes to the developers: These should now all be bugs.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This looked at first like another fun way around our node selection
logic: if we had introduction circuits, and we wound up building too
many, we would turn extras into general-purpose circuits. But when we
did so, we wouldn't necessarily check whether the general-purpose
circuits conformed to our node constraints. For example, the last
node could totally be in ExcludedExitNodes and we wouldn't have cared...
...except that the circuit should already be internal, so it won't get user
streams attached to it, so the transition should generally be allowed.
Add an assert to make sure we're right about this, and have it not
check whether ExitNodes is set, since that's irrelevant to internal
circuits.
|
| | |
| | |
| | |
| | |
| | | |
This could happen if StrictNodes was 0 and we were forced to pick an
excluded node as the last hop of the circuit.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
IOW, if we were using TrackExitHosts, and we added an excluded node or
removed a node from exitnodes, we wouldn't actually remove the mapping
that points us at the new node.
Also, note with an XXX022 comment a place that I think we are looking
at the wrong string.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The routerset_equal function explicitly handles NULL inputs, so
there's no need to check inputs for NULL before calling it.
Also fix a bug in routerset_equal where a non-NULL routerset with no
entries didn't get counted as equal to a NULL routerset. This was
untriggerable, I think, but potentially annoying down the road.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
circuit
We could probably do something smarter here, but the situation is
unusual enough that it's okay to just fail the circuit.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ExcludeExitNodes foo now means that foo.exit doesn't work. If
StrictNodes is set, then ExcludeNodes foo also overrides foo.exit.
foo.exit , however, still works even if foo is not listed in ExitNodes.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This once maybe made sense when ExitNodes meant "Here are 3 exits;
use them all", but now it more typically means "Here are 3
countries; exit from there." Using non-Fast/Stable exits created a
potential partitioning opportunity and an annoying stability
problem.
(Don't worry about the case where all of our ExitNodes are non-Fast
or non-Stable: we handle that later in the function by retrying with
need_capacity and need_uptime set to 0.)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
add a note reminding us to do this for foo.moria1.exit if we decide to.
|
| | | |
|
| | |
| | |
| | |
| | | |
Also, ExitNodes are always strict.
|
| | | |
|
| | | |
|