node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.

Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390d,
not in any released version of Tor. Patch by "teor".

Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).

Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).

teor (Tim Wilson-Brown) authored Sep 29, 2015 and Nick Mathewson committed Sep 29, 2015

Ensure that either a valid address is returned in address pointers,
or that the address data is zeroed on error.

Ensure that free_interface_address6_list handles NULL lists.

Add unit tests for get_interface_address* failure cases.

Fixes bug #17173.
Patch by fk/teor, not in any released version of tor.

Fabian Keil authored Sep 28, 2015 and Nick Mathewson committed Sep 29, 2015

... that was removed by 31eb486c which first appeared in
0.2.7.3-rc.

If tor is running in a ElectroBSD (or FreeBSD) jail it can't
get any IP addresses that aren't assigned to the jail by
looking at the interfaces and (by design) the
get_interface_address6_via_udp_socket_hack() fallback doesn't
work either.

The missing return code check resulted in tor_addr_is_internal()
complaining about a "non-IP address of type 49", due to reading
uninitialised memory.

Fixes #17173.

ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a (11 Nov 2007), released in 0.2.0.11-alpha.

In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc and a96c0aff (25 Oct 2012),
released in 0.2.4.7-alpha.

When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc and a96c0aff (25 Oct 2012),
released in 0.2.4.7-alpha.

Add get_interface_address[6]_list by refactoring
get_interface_address6. Add unit tests for new and existing functions.

Preparation for ticket 17027. Patch by "teor".
Patch on 42b8fb5a (11 Nov 2007), released in 0.2.0.11-alpha.

The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!

rl1987 authored Mar 14, 2015 and Nick Mathewson committed Mar 31, 2015

Also, fix some whitespace mishaps.

CID  1268070

This could trigger where _SIZEOF_ADDR_IFREQ() might not return a
multiple of sizeof(void *). Fixes bug 14875; not in any released version
of Tor.

If we guessed a buffer size too small, we never increased the buffer and
tried again

Also simplify the interface of ifreq_to_smartlist a little

rl1987 authored May 24, 2014 and Nick Mathewson committed Jan 23, 2015

Now the code has separate implementation and examination functions,
uses smartlists sanely, and has relatively decent test coverage.

Jacob Appelbaum authored Aug 11, 2014 and Andrea Shepard committed Jan 07, 2015

Signed-off-by: Andrea Shepard <andrea@torproject.org>

Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041

rl1987 authored Apr 28, 2014 and Nick Mathewson committed Dec 29, 2014

Also, improve comments on resolve_my_address to explain what it
actually does.

The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.

Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?

Apparently some compilers want extra switches.

Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.

"The NULL pointer warnings on the return value of
tor_addr_to_in6_addr32() are incorrect. But clang can't work this
out itself due to limited analysis depth. To teach the analyser that
the return value is safe to dereference, I applied tor_assert to the
return value."

Patch from teor.  Part of 13157.

Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".

The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.

As documented, getaddrinfo always sets its result when it returns
no error.  But scan-build doesn't know that, and thinks we might
be def

(Not a bugfix on any Tor release; before 10801_024, it didn't handle
portless addresses at all.)

Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.

Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.