1. 23 May, 2017 1 commit
  2. 25 Apr, 2017 1 commit
  3. 15 Mar, 2017 1 commit
  4. 03 Jan, 2017 1 commit
  5. 23 Dec, 2016 1 commit
  6. 16 Dec, 2016 1 commit
    • Nick Mathewson's avatar
      Lay down some infrastructure for bridges in the New Guard Order. · 1d52ac4d
      Nick Mathewson authored
      This includes:
        * making bridge_info_t exposed but opaque
        * allowing guards where we don't know an identity
        * making it possible to learn the identity of a guard
        * creating a guard that lacks a node_t
        * remembering a guard's address and port.
        * Looking up a guard by address and port.
        * Only enforcing the rule that we need a live consensus to update
          the "listed" status for guards when we are not using bridges.
  7. 04 Dec, 2016 1 commit
  8. 11 Oct, 2016 1 commit
  9. 10 Oct, 2016 1 commit
    • Yawning Angel's avatar
      Bug 20261: Treat AF_UNIX addresses as equal when comparing them. · 7b2c8567
      Yawning Angel authored
      This is a kludge to deal with the fact that `tor_addr_t` doesn't contain
      `sun_path`.  This currently ONLY happens when circuit isolation is being
      checked, for an isolation mode that is force disabled anyway, so the
      kludge is "ugly but adequate", but realistically, making `tor_addr_t`
      and the AF_UNIX SocksPort code do the right thing is probably the better
  10. 03 Oct, 2016 1 commit
    • cypherpunks's avatar
      Avoid reordering IPv6 interface addresses · 3b2f012e
      cypherpunks authored and Nick Mathewson's avatar Nick Mathewson committed
      When deleting unsuitable addresses in get_interface_address6_list(), to
      avoid reordering IPv6 interface addresses and keep the order returned by
      the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
      This issue was reported by René Mayrhofer.
      [Closes ticket 20163; changes file written by teor. This paragraph
      added by nickm]
  11. 28 Jul, 2016 1 commit
  12. 15 Jun, 2016 1 commit
  13. 11 Jun, 2016 1 commit
    • Nick Mathewson's avatar
      Enable -Wnull-dereference (GCC >=6.1), and fix the easy cases · 4f8086fb
      Nick Mathewson authored
      This warning, IIUC, means that the compiler doesn't like it when it
      sees a NULL check _after_ we've already dereferenced the
      variable. In such cases, it considers itself free to eliminate the
      NULL check.
      There are a couple of tricky cases:
      One was the case related to the fact that tor_addr_to_in6() can
      return NULL if it gets a non-AF_INET6 address.  The fix was to
      create a variant which asserts on the address type, and never
      returns NULL.
  14. 30 May, 2016 1 commit
    • Nick Mathewson's avatar
      Replace nearly all XXX0vv comments with smarter ones · 4f1a04ff
      Nick Mathewson authored
      So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
      had better revisit this comment and fix it!"
      But we have a huge pile of such comments accumulated for a large
      number of released versions!  Not cool.
      So, here's what I tried to do:
        * 0.2.9 and 0.2.8 are retained, since those are not yet released.
        * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
          quite important!"
        * The others, after one-by-one examination, are downgraded to
          plain old XXX.  Which doesn't mean they aren't a problem -- just
          that they cannot possibly be a release-blocking problem.
  15. 28 Mar, 2016 1 commit
  16. 04 Mar, 2016 2 commits
  17. 27 Feb, 2016 1 commit
  18. 06 Feb, 2016 1 commit
  19. 28 Jan, 2016 1 commit
  20. 09 Jan, 2016 1 commit
  21. 06 Jan, 2016 2 commits
    • rl1987's avatar
      Use get_interface6_via_udp_socket_hack() properly in _list(). · 110765f5
      rl1987 authored
      When _list() is called with AF_UNSPEC family and fails to enumerate
      network interfaces using platform specific API, have it call
      _hack() twice to find out IPv4 and/or IPv6 address of a machine Tor
      instance is running on. This is correct way to handle this case
      because _hack() can only be called with AF_INET and AF_INET6 and
      does not support any other address family.
    • rl1987's avatar
      Tweak ioctl case. · 680d0701
      rl1987 authored
  22. 03 Jan, 2016 2 commits
  23. 15 Dec, 2015 1 commit
  24. 07 Dec, 2015 1 commit
  25. 18 Nov, 2015 2 commits
  26. 29 Sep, 2015 2 commits
    • teor (Tim Wilson-Brown)'s avatar
      Add checks and unit tests for get_interface_address* failure · 7fa102b4
      teor (Tim Wilson-Brown) authored and Nick Mathewson's avatar Nick Mathewson committed
      Ensure that either a valid address is returned in address pointers,
      or that the address data is zeroed on error.
      Ensure that free_interface_address6_list handles NULL lists.
      Add unit tests for get_interface_address* failure cases.
      Fixes bug #17173.
      Patch by fk/teor, not in any released version of tor.
    • Fabian Keil's avatar
      get_interface_address6_list(): Bring back a return code check · 3ea834ce
      Fabian Keil authored and Nick Mathewson's avatar Nick Mathewson committed
      ... that was removed by 31eb486c which first appeared in
      If tor is running in a ElectroBSD (or FreeBSD) jail it can't
      get any IP addresses that aren't assigned to the jail by
      looking at the interfaces and (by design) the
      get_interface_address6_via_udp_socket_hack() fallback doesn't
      work either.
      The missing return code check resulted in tor_addr_is_internal()
      complaining about a "non-IP address of type 49", due to reading
      uninitialised memory.
      Fixes #17173.
  27. 15 Sep, 2015 4 commits
    • teor (Tim Wilson-Brown)'s avatar
      ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses · 098b82c7
      teor (Tim Wilson-Brown) authored
      ExitPolicyRejectPrivate now rejects more local addresses by default:
       * the relay's published IPv6 address (if any), and
       * any publicly routable IPv4 or IPv6 addresses on any local interfaces.
      This resolves a security issue for IPv6 Exits and multihomed Exits that
      trust connections originating from localhost.
      Resolves ticket 17027. Patch by "teor".
      Patch on 42b8fb5a (11 Nov 2007), released in
    • teor (Tim Wilson-Brown)'s avatar
      ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only · d3358a0a
      teor (Tim Wilson-Brown) authored
      In previous versions of Tor, ExitPolicy accept6/reject6 * produced
      policy entries for IPv4 and IPv6 wildcard addresses.
      To reduce operator confusion, change accept6/reject6 * to only produce
      an IPv6 wildcard address.
      Resolves bug #16069.
      Patch on 2eb7eafc and a96c0aff (25 Oct 2012),
      released in
    • teor (Tim Wilson-Brown)'s avatar
      Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes · e033d5e9
      teor (Tim Wilson-Brown) authored
      When parsing torrc ExitPolicies, we now warn if:
        * an IPv4 address is used on an accept6 or reject6 line. The line is
          ignored, but the rest of the policy items in the list are used.
          (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
        * a "private" address alias is used on an accept6 or reject6 line.
          The line filters both IPv4 and IPv6 private addresses, disregarding
          the 6 in accept6/reject6.
      When parsing torrc ExitPolicies, we now issue an info-level message:
        * when expanding an accept/reject * line to include both IPv4 and IPv6
          wildcard addresses.
      In each instance, usage advice is provided to avoid the message.
      Partial fix for ticket 16069. Patch by "teor".
      Patch on 2eb7eafc and a96c0aff (25 Oct 2012),
      released in
    • teor (Tim Wilson-Brown)'s avatar
      Add get_interface_address[6]_list for a list of interface IP addresses · 31eb486c
      teor (Tim Wilson-Brown) authored
      Add get_interface_address[6]_list by refactoring
      get_interface_address6. Add unit tests for new and existing functions.
      Preparation for ticket 17027. Patch by "teor".
      Patch on 42b8fb5a (11 Nov 2007), released in
  28. 31 Jul, 2015 1 commit
    • Nick Mathewson's avatar
      Move formatting functions around. · 347fe449
      Nick Mathewson authored
      The base64 and base32 functions used to be in crypto.c;
      crypto_format.h had no header; some general-purpose functions were in
      This patch makes a {crypto,util}_format.[ch], and puts more functions
      there.  Small modules are beautiful!
  29. 29 Jun, 2015 2 commits
  30. 31 Mar, 2015 2 commits