The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2020-07-24T12:48:34Z

Seeing lots of "crypto error while reading public key from string" on DA
https://gitlab.torproject.org/tpo/core/tor/-/issues/3241
2020-07-24T12:48:34Z
Linus Nordberg (linus@torproject.org)

I have about 200 of these (in 20 hours) on my DA:
May 18 21:06:05.183 [warn] crypto error while reading public key from string: too long (in asn1 encoding routines:ASN1_get_object)
May 18 21:06:05.183 [warn] crypto error while reading public key from string: bad object header (in asn1 encoding routines:ASN1_CHECK_TLEN)
May 18 21:06:05.183 [warn] crypto error while reading public key from string: nested asn1 error (in asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE)
May 18 21:06:05.183 [warn] crypto error while reading public key from string: nested asn1 error (in asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I)
May 18 21:06:05.183 [warn] crypto error while reading public key from string: ASN1 lib (in PEM routines:PEM_ASN1_read_bio)
May 18 21:06:05.183 [warn] parse error: Couldn't parse public key.
May 18 21:06:05.183 [warn] Error tokenizing router descriptor.
May 18 21:06:05.183 [warn] Error reading extra-info: signature does not match.
Tor: unspecified

Log message indicating HS descriptor uploads have been started is misleading
https://gitlab.torproject.org/tpo/core/tor/-/issues/3311
2020-06-27T14:08:14Z
Robert Ransom

```
May 28 02:19:04.211 [info] upload_service_descriptor(): Sending publish request for hidden service o6nqpitsgxepq4se
May 28 02:19:04.214 [info] directory_post_to_hs_dir(): Sending publish request for v2 descriptor for service '[scrubbed]' with descriptor ID '[scrubbed]' with validity of 7631 seconds to hidden service directory 'aminGL' on 80.217.179.115:9001.
...
May 28 02:19:04.260 [info] upload_service_descriptor(): Successfully uploaded v2 rend descriptors!
May 28 02:19:09.554 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 ("Service descriptor (v2) stored"))
...
May 28 02:19:18.274 [info] connection_dir_client_reached_eof(): Received http status code 503 ("Currently not acting as v2 hidden service directory") from server '91.208.34.24:443'. I'll try again soon.
```
Tor: 0.2.3.x-final
Nick Mathewson

Tor should lock its HiddenServiceDirs
https://gitlab.torproject.org/tpo/core/tor/-/issues/3317
2022-06-24T16:02:47Z
Robert Ransom

We added a simple string comparison to keep me`^W`users from shooting themselves in their feet by specifying two hidden services with the same HiddenServiceDir in the same torrc, but someday we should also put a lock file in every HiddenServiceDir to prevent users from shooting themselves in their feet in more elaborate ways (e.g. using symlinks, or shared network filesystems, or multiple Tor instances).
The lock file will need to be named something other than `lock` (perhaps `hslock`), so that this won't break currently valid (but imprudent) configurations that use Tor's DataDirectory as the HiddenServiceDir for a hidden service.

Incorrect log message in token_check_object
https://gitlab.torproject.org/tpo/core/tor/-/issues/3318
2020-06-27T14:08:14Z
Robert Ransom

```
[00:49:06] <wanoskarnet> token_check_object(): "Wrong size on key for %s: %d bits". crypto_pk_keysize() counts a bytes not a bits.
```
Tor: 0.2.2.x-final

Log message when a client tries to connect to an invalid hostname is incorrect
https://gitlab.torproject.org/tpo/core/tor/-/issues/3325
2020-06-27T14:08:13Z
Robert Ransom

In `connection_ap_handshake_rewrite_and_attach`:
```
    addresstype = parse_extended_hostname(socks->address,
                         remapped_to_exit || options->AllowDotExit);
    if (addresstype == BAD_HOSTNAME) {
      log_warn(LD_APP, "Invalid onion hostname %s; rejecting",
               safe_str_client(socks->address));
```
`parse_extended_hostname` also returns `BAD_HOSTNAME` for `.exit` hostnames when AllowDotExit is off.
Also, `parse_extended_hostname`'s documentation comment does not mention `BAD_HOSTNAME`.
Tor: 0.2.3.x-final
Robert Ransom

Log option does not recognize ‘heartbeat’ as a log domain
https://gitlab.torproject.org/tpo/core/tor/-/issues/3336
2020-06-27T14:08:12Z
Robert Ransom

```
setconf Log="[rend,heartbeat]debug notice stdout"
```
```
Jun 02 06:28:04.000 [warn] No such logging domain as heartbeat
Jun 02 06:28:04.000 [warn] Couldn't parse log levels in Log option 'Log [rend,heartbeat]debug notice stdout'
Jun 02 06:28:04.000 [warn] Controller gave us config lines that didn't validate: Failed to validate Log options. See logs for details.
```
Tor: 0.2.3.x-final
George Kadianakis

No SIGNAL controller event sent when delayed SIGNAL NEWNYM is handled
https://gitlab.torproject.org/tpo/core/tor/-/issues/3349
2020-06-27T14:08:12Z
Robert Ransom

```
signal newnym
250 OK
650 SIGNAL NEWNYM
signal newnym
250 OK
```
(I waited for well over 10 seconds; no ‘`650 SIGNAL NEWNYM`’ appeared.)
Tor: 0.2.3.x-final

non-relays shouldn't mark_my_descriptor_dirty
https://gitlab.torproject.org/tpo/core/tor/-/issues/3442
2020-06-27T14:08:08Z
Roger Dingledine

My Tor client just said
```
Jun 21 01:49:16.968 [info] mark_my_descriptor_dirty(): Decided to publish new relay descriptor: time for new descriptor
```
This statement is false.
Tor: 0.2.3.x-final

Functions that perform hostname lookup should be clearly labeled
https://gitlab.torproject.org/tpo/core/tor/-/issues/3512
2020-06-27T14:08:06Z
Nick Mathewson

Quick quiz: which of the following might do a DNS lookup, and which don't?
A. tor_addr_port_parse()
B. parse_addr_port()
C. tor_addr_lookup()
D. tor_addr_parse_mask_ports()
E. tor_addr_from_str()
F. parse_addr_and_port_range()
If you remembered that A, B, and C can do DNS lookups, but that D, E, and F don't do DNS lookups, then you have a better memory than I.
We should rename the functions here so that everything that does a resolve has "resolve" or "lookup" in its name, and everything that only has "parse" in its name is parsing-only. We should also audit our use of the resolving functions to make sure that we're not calling any of them any place that we shouldn't.
The renaming should hold off till after we've merged the IPv6 conversion, since that touches almost all of the code we'd want to alter here.
Tor: 0.2.3.x-final

Should controller events respect SafeLogging 1 torrc option?
https://gitlab.torproject.org/tpo/core/tor/-/issues/3566
2020-07-24T12:51:40Z
Trac

Vidalia seems not to scrub addresses, ignoring the SafeLogging directive set in the torrc config file: the first one is the event logged by Vidalia, the second one is the same event logged by Tor while pulling the tor git tree with tsocks ('usewithtor git pull' on the command line).
[...same time...] Potentially Dangerous Connection! - One of your applications established a connection through Tor to "38.229.70.11:9418" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution.
...same time... [warn] Your application (using socks5 to port 9418) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.
**Trac**:
**Username**: tornewbie
Tor: unspecified
Tomas Touceda

Refactor socks parsing
https://gitlab.torproject.org/tpo/core/tor/-/issues/3569
2021-09-16T14:36:24Z
Nick Mathewson

The function parse_socks and its interactions with the functions that call it have grown nigh-unmaintainably complex. Let's replace it with a simple, more linear function. Key points:
* State should be kept explicitly. Let's forget this "if the socks version is set, we've parsed this much, ..." business.
* The function should dispatch first on state, next on anything else.
* We should think of a much better interface; the functions that call parse_socks have grown way too tricky.
Tor: 0.3.5.x-final
rl1987

Clear last_hid_serv_requests table on clock jump
https://gitlab.torproject.org/tpo/core/tor/-/issues/3770
2020-06-27T14:07:54Z
Robert Ransom
Tor: 0.2.3.x-final
Robert Ransom

Man page does not say that HiddenServiceDir must already exist
https://gitlab.torproject.org/tpo/core/tor/-/issues/3771
2021-07-22T16:26:22Z
Robert Ransom
Tor: 0.2.2.x-final
Robert Ransom

Cannot choose language on mobile
https://gitlab.torproject.org/tpo/community/l10n/-/issues/40016
2021-03-02T10:33:39Z
stephw

The entire language list is not accessible on mobile.
https://twitter.com/glotzbach/status/1111165746623799296

Missing signal/names option
https://gitlab.torproject.org/tpo/core/tor/-/issues/3842
2020-06-27T14:07:49Z
Damian Johnson

We have GETINFO options for the recognized input of just about all the controller commands via...
info/names
config/names
events/names
features/names
The only thing missing is the SIGNAL values (ie, a "GETINFO signal/names").
Tor: 0.2.4.x-final
Nick Mathewson

Anomalies in info/names results
https://gitlab.torproject.org/tpo/core/tor/-/issues/3844
2020-06-27T14:07:49Z
Damian Johnson

Issuing a "GETINFO info/names" request includes...
config/* -- Current configuration values.
However, no config/* option exists (there's "config/names" but that has its own entry). This is from a prefix entry in the getinfo_items of control.c:
https://gitweb.torproject.org/tor.git/blob/HEAD:/src/or/control.c#l2024
Tor: unspecified

Simplify format_win_commandline_argument() implementation.
https://gitlab.torproject.org/tpo/core/tor/-/issues/3876
2021-09-16T14:36:24Z
Nick Mathewson

In format_win_commandline_argument(), it would be neat to skip the business of building a smartlist of char*, and just pre-allocate a guaranteed-to-be-long-enough string -- I think that strlen(arg)*2 + 3 would be long enough, since each character in the input turns into at most 2 characters in the output, and there are at most 3 characters of overhead: 1 for the nul-terminator, 2 for quotes.
This would actually use less RAM, since it only needs to allocate ~2 bytes per character, as opposed to 4 or 8 bytes per char*. Not that it matters -- we don't allocate a lot of these.
Tor: unspecified
Steven Murdoch

Tor should show its Git commit hash on startup
https://gitlab.torproject.org/tpo/core/tor/-/issues/3908
2020-06-27T14:07:47Z
Robert Ransom

Tor's Git commit hash is compiled into it, and is published in relay/bridge descriptors, but is not shown in the version-information log message on startup. It should be.

'--service install' ignores all other command-line arguments
https://gitlab.torproject.org/tpo/core/tor/-/issues/3964
2021-07-22T16:26:23Z
Robert Ransom

I ran `tor --service install -f C:/WORK/Tor/etc/torrc` as a Windows administrator, and it created a Windows NT service to run the command '`"C:\WORK\Tor\bin\tor.exe" --nt-service`'. It should have included '`-f C:/WORK/Tor/etc/torrc`' on the service's command line.
Tor: 0.2.3.x-final

warn_nonlocal_client_ports should use tor_addr_is_internal, not _is_loopback
https://gitlab.torproject.org/tpo/core/tor/-/issues/4018
2020-06-27T14:07:44Z
Robert Ransom

```
Sep 14 04:11:29.518 [notice] Tor v0.2.3.4-alpha (git-5f4f727d58daa194). This is experimental software. Do not rely on it for strong anonymity. (Running on OpenBSD i386)
Sep 14 04:11:29.519 [notice] Read configuration file "/etc/tor/torrc".
Sep 14 04:11:29.519 [warn] You specified a public address for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 14 04:11:29.521 [warn] It's a little hard to tell, but you seem to have Libevent 1.4.0-beta header files, whereas you have linked against Libevent 1.4.14b-stable. This will probably make Tor crash.
Sep 14 04:11:29.523 [notice] Initialized libevent version 1.4.14b-stable using method kqueue. Good.
Sep 14 04:11:29.524 [warn] You specified a public address for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 14 04:11:29.524 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 14 04:11:29.524 [notice] Opening Socks listener on 192.168.7.1:9050
Sep 14 04:11:29.524 [notice] Opening Control listener on 127.0.0.1:9071
```
Reported by Tas.
Tor: 0.2.3.x-final
Robert Ransom