1. 11 Aug, 2020 2 commits
  2. 10 Aug, 2020 1 commit
  3. 03 Aug, 2020 2 commits
  4. 30 Jul, 2020 2 commits
  5. 28 Jul, 2020 2 commits
    • Jigsaw52's avatar
      Fix startup crash with seccomp sandbox enabled #40072 · eab8e7af
      Jigsaw52 authored
      Fix crash introduced in #40020. On startup, tor calls
      check_private_dir on the data and key directories. This function
      uses open instead of opendir on the received directory. Data and
      key directoryes are only opened here, so the seccomp rule added
      should be for open instead of opendir, despite the fact that they
      are directories.
      eab8e7af
    • Nick Mathewson's avatar
      Use _lseeki64() on windows. · dcc60294
      Nick Mathewson authored
      Fixes bug 31036; bugfix on 0.2.1.8-alpha when we moved the logging
      system to use posix fds.
      dcc60294
  6. 27 Jul, 2020 2 commits
  7. 24 Jul, 2020 1 commit
  8. 23 Jul, 2020 1 commit
  9. 22 Jul, 2020 2 commits
    • Nick Mathewson's avatar
      Treat all extorport connections with un-set addresses as remote · ceb6585a
      Nick Mathewson authored
      Without this fix, if an PT forgets to send a USERADDR command, that
      results in a connection getting treated as local for the purposes of
      rate-limiting.
      
      If the PT _does_ use USERADDR, we still believe it.
      
      Closes ticket 33747.
      ceb6585a
    • Nick Mathewson's avatar
      Adjust the rules for warning about too many connections. · faa752f3
      Nick Mathewson authored
      Previously we tolerated up to 1.5 connections for every relay we
      were connected to, and didn't warn if we had fewer than 5
      connections total.
      
      Now we tolerate up to 1.5 connections per relay, and up to 4
      connections per authority, and we don't warn at all when we have
      fewer than 25 connections total.
      
      Fixes bug 33880, which seems to have been provoked by our #17592
      change in 0.3.5.
      faa752f3
  10. 20 Jul, 2020 3 commits
    • Jigsaw52's avatar
      Fix seccomp sandbox rules for openat #27315 · d75e7daa
      Jigsaw52 authored
      The need for casting negative syscall arguments depends on the
      glibc version. This affects the rules for the openat syscall which
      uses the constant AT_FDCWD that is defined as a negative number.
      This commit adds logic to only apply the cast when necessary, on
      glibc versions from 2.27 onwards.
      d75e7daa
    • Jigsaw52's avatar
      Fix seccomp sandbox rules for opening directories #40020 · d28bfb2c
      Jigsaw52 authored
      Different versions of glibc use either open or openat for the
      opendir function. This commit adds logic to use the correct rule
      for each glibc version, namely:
      - Until 2.14 open is used
      - From 2.15 to to 2.21 openat is used
      - From 2.22 to 2.26 open is used
      - From 2.27 onwards openat is used
      d28bfb2c
    • Jigsaw52's avatar
      Fix seccomp sandbox rules for openat #27315 · c79b4397
      Jigsaw52 authored
      The need for casting negative syscall arguments depends on the
      glibc version. This affects the rules for the openat syscall which
      uses the constant AT_FDCWD that is defined as a negative number.
      This commit adds logic to only apply the cast when necessary, on
      glibc versions from 2.27 onwards.
      c79b4397
  11. 13 Jul, 2020 1 commit
  12. 10 Jul, 2020 1 commit
  13. 09 Jul, 2020 11 commits
  14. 08 Jul, 2020 1 commit
    • Guinness's avatar
      socks: Returns 0xF6 only if BAD_HOSTNAME · 562957e0
      Guinness authored and David Goulet's avatar David Goulet committed
      
      
      This commit modifies the behavior of `parse_extended_address` in such a way
      that if it fails, it will always return a `BAD_HOSTNAME` value, which is then
      used to return the 0xF6 extended error code.  This way, in any case that is
      not a valid v2 address, we return the 0xF6 error code, which is the expected
      behavior.
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      562957e0
  15. 07 Jul, 2020 2 commits
  16. 06 Jul, 2020 4 commits
    • Alexander Færøy's avatar
      Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes. · 7b2d1070
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch changes our bits-to-bytes conversion logic in the NSS
      implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
      ((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
      bits that is not a multiple of 8.
      
      Additionally, we add a comment on why we cannot use the
      `DER_ConvertBitString()` macro from NSS, as we would potentially apply
      the bits-to-bytes conversion logic twice, which would lead to an
      insignificant amount of bytes being compared in
      `SECITEM_ItemsAreEqual()` and thus turn the logic into being a
      prefix match instead of a full match.
      
      The `DER_ConvertBitString()` macro is defined in NSS as:
      
          /*
          ** Macro to convert der decoded bit string into a decoded octet
          ** string. All it needs to do is fiddle with the length code.
          */
          #define DER_ConvertBitString(item)            \
              {                                         \
                  (item)->len = ((item)->len + 7) >> 3; \
              }
      
      Thanks to Taylor Yu for spotting this problem.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      7b2d1070
    • Alexander Færøy's avatar
      Add constness to length variables in `tor_tls_cert_matches_key`. · 06f1e959
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
      `tor_tls_cert_matches_key` to ensure that we don't accidentally alter
      the variables.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      06f1e959
    • Alexander Færøy's avatar
      Fix out-of-bound memory read in `tor_tls_cert_matches_key()` for NSS. · b46984e9
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch fixes an out-of-bound memory read in
      `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
      instead of OpenSSL.
      
      The NSS library stores some length fields in bits instead of bytes, but
      the comparison function found in `SECITEM_ItemsAreEqual()` needs the
      length to be encoded in bytes. This means that for a 140-byte,
      DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
      in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
      bytes instead of 140 (140bytes * 8bits = 1120bits).
      
      This patch fixes the issue by converting from bits to bytes before
      calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
      bits before we leave the function.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      b46984e9
    • Alexander Færøy's avatar
      Run `tor_tls_cert_matches_key()` Test Suite with both OpenSSL and NSS. · 33e1c2e6
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch lifts the `tor_tls_cert_matches_key()` tests out of the
      OpenSSL specific TLS test suite and moves it into the generic TLS test
      suite that is executed for both OpenSSL and NSS.
      
      This patch is largely a code movement, but we had to rewrite parts of
      the test to avoid using OpenSSL specific data-types (such as `X509 *`)
      and replace it with the generic Tor abstraction type
      (`tor_x509_cert_impl_t *`).
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      33e1c2e6
  17. 03 Jul, 2020 1 commit
  18. 02 Jul, 2020 1 commit