1. 28 Jul, 2020 1 commit
    • Jigsaw52's avatar
      Fix startup crash with seccomp sandbox enabled #40072 · eab8e7af
      Jigsaw52 authored
      Fix crash introduced in #40020. On startup, tor calls
      check_private_dir on the data and key directories. This function
      uses open instead of opendir on the received directory. Data and
      key directoryes are only opened here, so the seccomp rule added
      should be for open instead of opendir, despite the fact that they
      are directories.
      eab8e7af
  2. 20 Jul, 2020 2 commits
    • Jigsaw52's avatar
      Fix seccomp sandbox rules for opening directories #40020 · d28bfb2c
      Jigsaw52 authored
      Different versions of glibc use either open or openat for the
      opendir function. This commit adds logic to use the correct rule
      for each glibc version, namely:
      - Until 2.14 open is used
      - From 2.15 to to 2.21 openat is used
      - From 2.22 to 2.26 open is used
      - From 2.27 onwards openat is used
      d28bfb2c
    • Jigsaw52's avatar
      Fix seccomp sandbox rules for openat #27315 · c79b4397
      Jigsaw52 authored
      The need for casting negative syscall arguments depends on the
      glibc version. This affects the rules for the openat syscall which
      uses the constant AT_FDCWD that is defined as a negative number.
      This commit adds logic to only apply the cast when necessary, on
      glibc versions from 2.27 onwards.
      c79b4397
  3. 09 Jul, 2020 3 commits
  4. 07 Jul, 2020 2 commits
  5. 06 Jul, 2020 4 commits
    • Alexander Færøy's avatar
      Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes. · 7b2d1070
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch changes our bits-to-bytes conversion logic in the NSS
      implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
      ((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
      bits that is not a multiple of 8.
      
      Additionally, we add a comment on why we cannot use the
      `DER_ConvertBitString()` macro from NSS, as we would potentially apply
      the bits-to-bytes conversion logic twice, which would lead to an
      insignificant amount of bytes being compared in
      `SECITEM_ItemsAreEqual()` and thus turn the logic into being a
      prefix match instead of a full match.
      
      The `DER_ConvertBitString()` macro is defined in NSS as:
      
          /*
          ** Macro to convert der decoded bit string into a decoded octet
          ** string. All it needs to do is fiddle with the length code.
          */
          #define DER_ConvertBitString(item)            \
              {                                         \
                  (item)->len = ((item)->len + 7) >> 3; \
              }
      
      Thanks to Taylor Yu for spotting this problem.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      7b2d1070
    • Alexander Færøy's avatar
      Add constness to length variables in `tor_tls_cert_matches_key`. · 06f1e959
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
      `tor_tls_cert_matches_key` to ensure that we don't accidentally alter
      the variables.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      06f1e959
    • Alexander Færøy's avatar
      Fix out-of-bound memory read in `tor_tls_cert_matches_key()` for NSS. · b46984e9
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch fixes an out-of-bound memory read in
      `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
      instead of OpenSSL.
      
      The NSS library stores some length fields in bits instead of bytes, but
      the comparison function found in `SECITEM_ItemsAreEqual()` needs the
      length to be encoded in bytes. This means that for a 140-byte,
      DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
      in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
      bytes instead of 140 (140bytes * 8bits = 1120bits).
      
      This patch fixes the issue by converting from bits to bytes before
      calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
      bits before we leave the function.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      b46984e9
    • Alexander Færøy's avatar
      Run `tor_tls_cert_matches_key()` Test Suite with both OpenSSL and NSS. · 33e1c2e6
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch lifts the `tor_tls_cert_matches_key()` tests out of the
      OpenSSL specific TLS test suite and moves it into the generic TLS test
      suite that is executed for both OpenSSL and NSS.
      
      This patch is largely a code movement, but we had to rewrite parts of
      the test to avoid using OpenSSL specific data-types (such as `X509 *`)
      and replace it with the generic Tor abstraction type
      (`tor_x509_cert_impl_t *`).
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      33e1c2e6
  6. 30 Jun, 2020 5 commits
  7. 29 Jun, 2020 1 commit
  8. 12 Jun, 2020 1 commit
  9. 05 Jun, 2020 1 commit
  10. 03 Jun, 2020 1 commit
  11. 30 May, 2020 1 commit
    • Roger Dingledine's avatar
      Preemptive circs should work with UseEntryGuards 0 · 39f2411b
      Roger Dingledine authored
      Resume being willing to use preemptively-built circuits when
      UseEntryGuards is set to 0. We accidentally disabled this feature with
      that config setting (in our fix for #24469), leading to slower load times.
      
      Fixes bug 34303; bugfix on 0.3.3.2-alpha.
      39f2411b
  12. 15 May, 2020 1 commit
  13. 14 May, 2020 1 commit
  14. 06 May, 2020 9 commits
  15. 09 Apr, 2020 1 commit
  16. 20 Mar, 2020 1 commit
    • teor's avatar
      Appveyor: Copy required DLLs to test and app · 38e07b88
      teor authored
      Copy required DLLs to test and app, before running tor's tests.
      
      This ensures that tor.exe and test*.exe use the correct version of each
      DLL. This fix is not required, but we hope it will avoid DLL search
      issues in future.
      
      Closes bug 33673; bugfix on 0.3.4.2-alpha.
      38e07b88
  17. 19 Mar, 2020 2 commits
  18. 18 Mar, 2020 2 commits
  19. 17 Mar, 2020 1 commit