1. 21 Dec, 2020 1 commit
  2. 01 Oct, 2020 1 commit
  3. 03 Sep, 2020 1 commit
    • addr: Missing AF family to index conversion · ae643081
      David Goulet authored and Alexander Færøy committed
      When accessing the last_resolved_address cache we always need to convert the
      AF family value to an index value else we are out of bound and thus
      overflowing if we write to it.
      
      This fix is on code that has not been released.
      
      GeKo reported the following libasan crash using Tor Browser alpha with tor
      0.4.5.0-alpha-dev (3c884bc9):
      
      ==4240==ERROR: AddressSanitizer: global-buffer-overflow on address
      0x55888490e388 at pc 0x5588842cc216 bp 0x7ffc8c421b00 sp 0x7ffc8c421af8
      READ of size 2 at 0x55888490e388 thread T0
          #0 0x5588842cc215 in tor_addr_compare_masked
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
          #1 0x558884203210 in is_local_to_resolve_addr
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x4dd210)
          #2 0x558883f7e252 in channel_tls_connect
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x258252)
          #3 0x558883f87ff7 in channel_connect_for_circuit
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x261ff7)
          #4 0x558883f8bc90 in circuit_handle_first_hop
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x265c90)
          #5 0x558883f8c891 in circuit_establish_circuit
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x266891)
          #6 0x558883fc3bbc in circuit_launch_by_extend_info
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29dbbc)
          #7 0x558883fc5900
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29f900)
          #8 0x558883fc6988 in connection_ap_handshake_attach_circuit
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2a0988)
          #9 0x558883fd0d3f in connection_ap_attach_pending
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2aad3f)
          #10 0x7f4d50110885  (TorBrowser/Tor/libevent-2.1.so.7+0x22885)
          #11 0x7f4d501110de in event_base_loop
      (TorBrowser/Tor/libevent-2.1.so.7+0x230de)
          #12 0x558883f69b3c in do_main_loop
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x243b3c)
          #13 0x558883f3f70c in tor_run_main
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x21970c)
          #14 0x558883f3c2f7 in tor_main
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2162f7)
          #15 0x558883f3531b in main
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x20f31b)
          #16 0x7f4d4f76acc9 in __libc_start_main
      (/lib/x86_64-linux-gnu/libc.so.6+0x26cc9)
          #17 0x558883f3ba00
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x215a00)
      
      0x55888490e388 is located 24 bytes to the left of global variable
      'state_mgr' defined in 'src/app/config/statefile.c:184:22'
      (0x55888490e3a0) of size 8
      0x55888490e388 is located 32 bytes to the right of global variable
      'global_state' defined in 'src/app/config/statefile.c:204:20'
      (0x55888490e360) of size 8
      SUMMARY: AddressSanitizer: global-buffer-overflow
      (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
      in tor_addr_compare_masked
      ==4240==ABORTING
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  4. 24 Jul, 2020 2 commits
  5. 22 Jul, 2020 2 commits
  6. 21 Jul, 2020 1 commit
  7. 20 Jul, 2020 3 commits
  8. 10 Jul, 2020 1 commit
  9. 09 Jul, 2020 1 commit
  10. 08 Jul, 2020 1 commit
  11. 07 Jul, 2020 3 commits
    • addr: Attempt to learn our address with ORPort · 809c8647
      David Goulet authored
      
      
      If no Address statement is found in the configuration file, attempt to learn
      our address by looking at the ORPort address if any. Specifying an address is
      optional so if we can't find one, it is fine, we move on to the next discovery
      mechanism.
      
      Note that specifying a hostname on the ORPort is not yet supported at this
      commit.
      
      Closes #33236
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
    • addr: New function relay_address_new_suggestion() · 192d367b
      David Goulet authored
      
      
      This behaves like router_new_address_suggestion() but differs in a couple of
      ways:
      
        1. It takes a tor_addr_t instead of an address string and supports both
           AF_INET and AF_INET6.
        2. It does _not_ use the last_guessed_ip local cache and instead only relies
           on the last resolved address cache in resolve_addr.c
      
      It is not used at this commit. This function is made to process a suggested
      address found in a NETINFO cell exactly like router_new_address_suggestion()
      does with the address a directory suggests us.
      
      Related to #40022
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
    • addr: Rename and make resolved_addr_set_last() function public · f57ce632
      David Goulet authored
      
      
      Rename the static function update_resolved_cache() to resolved_addr_set_last()
      and make it public.
      
      We are about to use it in order to record any suggested address from a NETINFO
      cell.
      
      Related to #40022
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  12. 06 Jul, 2020 1 commit
  13. 02 Jul, 2020 1 commit
  14. 30 Jun, 2020 5 commits
  15. 25 Jun, 2020 1 commit
  16. 24 Jun, 2020 9 commits
  17. 23 Jun, 2020 3 commits
  18. 01 Jun, 2020 1 commit
    • config: Add IPv4 Address config debug logging · 7640a956
      c authored
      Per ticket #32888 this should address logging "the Address torrc
      option", "and whether it is an IP address, or a DNS name"; or the
      detected "local hostname", "and whether it is an IP address, or a DNS
      name". Some of these details already seem to be logged, so just add
      what's missing.
  19. 21 May, 2020 1 commit
  20. 05 May, 2020 1 commit
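
The bug class described in commit ae643081 ("addr: Missing AF family to index conversion"), as an added example that is not Tor's code: a per-family cache must be indexed through a family-to-slot conversion, never by the raw AF_* value. The array layout, the type and all function names below are hypothetical; AF_INET6 is platform-specific (10 on Linux), so as a raw index it falls outside a three-slot array, while AF_INET (2) silently lands in the wrong slot.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>  /* AF_INET, AF_INET6 */

/* Hypothetical layout: one cache slot per supported address family. */
enum { IDX_NULL = 0, IDX_IPV4 = 1, IDX_IPV6 = 2, IDX_SIZE = 3 };

typedef struct { int family; uint8_t bytes[16]; } addr_t;
static addr_t last_resolved[IDX_SIZE];

/* Convert an address family to a cache slot; -1 if unsupported. */
int af_to_idx(int family)
{
  switch (family) {
    case AF_INET:  return IDX_IPV4;
    case AF_INET6: return IDX_IPV6;
    default:       return -1;
  }
}

/* Would using the raw family value as the index stay inside the array? */
int raw_family_in_bounds(int family)
{
  return family >= 0 && family < IDX_SIZE;
}

/* Store an address in its family's slot; returns the slot or -1. */
int cache_set(const addr_t *a)
{
  int idx = af_to_idx(a->family);
  if (idx < 0) return -1;
  last_resolved[idx] = *a;
  return idx;
}

/* Fetch the cached address for a family, or NULL if unsupported. */
const addr_t *cache_get(int family)
{
  int idx = af_to_idx(family);
  return idx < 0 ? NULL : &last_resolved[idx];
}

int main(void)
{
  addr_t v6 = { .family = AF_INET6, .bytes = { 0x20, 0x01, 0x0d, 0xb8 } }; /* constructed sample */
  printf("raw AF_INET6=%d in bounds: %d, converted slot: %d\n", AF_INET6, raw_family_in_bounds(AF_INET6), cache_set(&v6));
  return cache_get(AF_INET6)->family == AF_INET6 ? 0 : 1;
}
```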