1. 02 Sep, 2014 1 commit
    • Nick Mathewson's avatar
      Another clang analyzer complaint wrt HT_GENERATE · 00ffccd9
      Nick Mathewson authored
      We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
      with the result of a product.  But that makes any sane analyzer
      worry about overflow.
      
      This patch keeps HT_GENERATE having its old semantics, since we
      aren't the only project using ht.h.  Instead, define a HT_GENERATE2
      that takes a reallocarrayfn.
      00ffccd9
  2. 29 Aug, 2014 1 commit
  3. 15 Aug, 2014 1 commit
  4. 08 Apr, 2014 1 commit
  5. 03 Mar, 2014 1 commit
    • Nick Mathewson's avatar
      Warn if ports are specified in {Socks,Dir}Policy · 4050dfa3
      Nick Mathewson authored
      We have ignored any ports listed here since 80365b98 (0.0.7rc1),
      but we didn't warn the user that we were ignoring them.  This patch
      adds a warning if you put explicit ports in any of the options
      {Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
      also adjusts the manpage to say that ports are ignored.
      
      Fixes ticket 11108.
      4050dfa3
  6. 12 Feb, 2014 1 commit
    • Nick Mathewson's avatar
      Siphash-2-4 is now our hash in nearly all cases. · 0e97c8e2
      Nick Mathewson authored
      I've made an exception for cases where I'm sure that users can't
      influence the inputs.  This is likely to cause a slowdown somewhere,
      but it's safer to siphash everything and *then* look for cases to
      optimize.
      
      This patch doesn't actually get us any _benefit_ from siphash yet,
      since we don't really randomize the key at any point.
      0e97c8e2
  7. 12 Mar, 2013 1 commit
  8. 10 Feb, 2013 1 commit
  9. 01 Feb, 2013 1 commit
    • Nick Mathewson's avatar
      Rename log() to tor_log() for logging · a141430e
      Nick Mathewson authored
      This is meant to avoid conflict with the built-in log() function in
      math.h.  It resolves ticket 7599.  First reported by dhill.
      
      This was generated with the following perl script:
      
       #!/usr/bin/perl -w -i -p
      
       s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;
      
       s/\blog\(/tor_log\(/g;
      a141430e
  10. 16 Jan, 2013 2 commits
    • Nick Mathewson's avatar
      Rename *_isin to *_contains · 49e619c1
      Nick Mathewson authored
      This is an automatically generated commit, from the following perl script,
      run with the options "-w -i -p".
      
        s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
        s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
        s/smartlist_digest_isin/smartlist_contains_digest/g;
        s/smartlist_isin/smartlist_contains/g;
        s/digestset_isin/digestset_contains/g;
      49e619c1
    • Nick Mathewson's avatar
      Update the copyright date to 201. · 4da083db
      Nick Mathewson authored
      4da083db
  11. 03 Dec, 2012 1 commit
  12. 15 Nov, 2012 5 commits
    • Nick Mathewson's avatar
      Fix a bug in policy_is_reject_star() that was making IPv4 exits break · bb2145b4
      Nick Mathewson authored
      IPv4-only exits have an implicit "reject [::]/0", which was making
      policy_is_reject_star() return 1 for them, making us refuse to do
      hostname lookups.
      
      This fix chanes policy_is_reject_star() to ask about which family we meant.
      bb2145b4
    • Nick Mathewson's avatar
      Add an IPv6Exit configuration option · 9016d9e8
      Nick Mathewson authored
      Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
      if IPv6Exit is not true.
      9016d9e8
    • Nick Mathewson's avatar
      b35a0d11
    • Nick Mathewson's avatar
      Better policy support for IPv6 · a96c0aff
      Nick Mathewson authored
      Now, "accept *:80" means "accept all addresses on port 80", and not
      just IPv4.  For just v4, say "accept *4:80"; for just v6 say "accept
      *6:80".
      
      We can parse these policies from torrc just fine, and we should be
      successfully keeping them out of descriptors for now.
      
      We also now include appropriate IPv6 addresses in "reject private:*"
      a96c0aff
    • Nick Mathewson's avatar
      Add a new family-specific syntax for tor_addr_parse_mask_ports · 2eb7eafc
      Nick Mathewson authored
      By default, "*" means "All IPv4 addresses" with
      tor_addr_parse_mask_ports, so I won't break anything.  But if the new
      EXTENDED_STAR flag is provided, then * means "any address", *4 means
      "any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
      address" (that is, [::]/0).
      
      This is going to let us have a syntax for specifying exit policies in
      torrc that won't drive people mad.
      
      Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
      these new features, and to increase coverage.
      2eb7eafc
  13. 23 Oct, 2012 3 commits
    • Roger Dingledine's avatar
      Let 0.2.3 clients exit to internal addresses if they want · 2ecee3fc
      Roger Dingledine authored
      Clients now consider the ClientRejectInternalAddresses config option
      when using a microdescriptor consensus stanza to decide whether
      an exit relay would allow exiting to an internal address. Fixes
      bug 7190; bugfix on 0.2.3.1-alpha.
      2ecee3fc
    • Roger Dingledine's avatar
      fix typo · e17fd577
      Roger Dingledine authored
      e17fd577
    • Nick Mathewson's avatar
      Fix parse_short_policy (bug 7192.) · 85659d39
      Nick Mathewson authored
      Our implementation of parse_short_policy was screwed up: it would
      ignore the last character of every short policy.  Obviously, that's
      broken.
      
      This patch fixes the busted behavior, and adds a bunch of unit tests
      to make sure the rest of that function is okay.
      
      Fixes bug 7192; fix on 0.2.3.1-alpha.
      85659d39
  14. 22 Oct, 2012 2 commits
  15. 17 Oct, 2012 2 commits
  16. 27 Aug, 2012 1 commit
  17. 17 Jul, 2012 1 commit
    • Nick Mathewson's avatar
      Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END · 7faf115d
      Nick Mathewson authored
      The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
      you have a nice short loop body, but using it for long bodies makes
      your preprocessor tell the compiler that all the code is on the same
      line.  That causes grief, since compiler warnings and debugger lines
      will all refer to that one line.
      
      So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
      short.
      7faf115d
  18. 28 Jun, 2012 1 commit
  19. 05 Jun, 2012 1 commit
  20. 04 Jun, 2012 1 commit
    • Nick Mathewson's avatar
      Add about 60 more DOCDOC comments to 0.2.3 · 173b18c7
      Nick Mathewson authored
      Also, try to resolve some doxygen issues.  First, define a magic
      "This is doxygen!" macro so that we take the correct branch in
      various #if/#else/#endifs in order to get the right documentation.
      Second, add in a few grouping @{ and @} entries in order to get some
      variables and fields to get grouped together.
      173b18c7
  21. 29 Feb, 2012 1 commit
  22. 17 Feb, 2012 1 commit
  23. 18 Jan, 2012 1 commit
    • Nick Mathewson's avatar
      Rename nonconformant identifiers. · 26e789fb
      Nick Mathewson authored
      Fixes bug 4893.
      
      These changes are pure mechanical, and were generated with this
      perl script:
      
        /usr/bin/perl -w -i.bak -p
      
        s/crypto_pk_env_t/crypto_pk_t/g;
        s/crypto_dh_env_t/crypto_dh_t/g;
        s/crypto_cipher_env_t/crypto_cipher_t/g;
        s/crypto_digest_env_t/crypto_digest_t/g;
      
        s/aes_free_cipher/aes_cipher_free/g;
        s/crypto_free_cipher_env/crypto_cipher_free/g;
        s/crypto_free_digest_env/crypto_digest_free/g;
        s/crypto_free_pk_env/crypto_pk_free/g;
      
        s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
        s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
        s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
        s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
      
        s/crypto_new_cipher_env/crypto_cipher_new/g;
        s/crypto_new_digest_env/crypto_digest_new/g;
        s/crypto_new_digest256_env/crypto_digest256_new/g;
        s/crypto_new_pk_env/crypto_pk_new/g;
      
        s/crypto_create_crypto_env/crypto_cipher_new/g;
      
        s/connection_create_listener/connection_listener_new/g;
        s/smartlist_create/smartlist_new/g;
        s/transport_create/transport_new/g;
      26e789fb
  24. 17 Jan, 2012 1 commit
  25. 16 Jan, 2012 2 commits
  26. 13 Jan, 2012 1 commit
  27. 15 Jul, 2011 3 commits
    • Nick Mathewson's avatar
      Remove compare_addr_to_node_policy · 6aef89bd
      Nick Mathewson authored
      Instead, use compare_tor_addr_to_node_policy everywhere.
      
      One advantage of this is that compare_tor_addr_to_node_policy can
      better distinguish 0.0.0.0 from "unknown", which caused a nasty bug
      with microdesc users.
      6aef89bd
    • Nick Mathewson's avatar
      Treat null address as "unknown", not "rejected" in md policy · f40df02f
      Nick Mathewson authored
      Previously, we had an issue where we'd treat an unknown address as
      0, which turned into "0.0.0.0", which looked like a rejected
      address.  This meant in practice that as soon as we started doing
      comparisons of unknown uint32 addresses to short policies, we'd get
      'rejected' right away.  Because of the circumstances under which
      this would be called, it would only happen when we had local DNS
      cached entries and we were looking to launch new circuits.
      f40df02f
    • Nick Mathewson's avatar
      Remove compare_addr_to_addr_policy · 3380dc9c
      Nick Mathewson authored
      Nothing used it but the unit tests; everything else knows to use
      compare_tor_addr_to_addr_policy instead.
      3380dc9c
  28. 08 Jul, 2011 1 commit