1. 23 Aug, 2020 1 commit
  2. 02 Jul, 2020 2 commits
  3. 06 May, 2020 5 commits
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · c1167282
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      
      (In order to avoid conflicts, I'm applying this script separately to
      each maint branch. This is the 0.4.3 version.)
      c1167282
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · 28ac17f4
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      
      (In order to avoid conflicts, I'm applying this script separately to
      each maint branch. This is the 0.4.2 version.)
      28ac17f4
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · 79ff2b6a
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      
      (In order to avoid conflicts, I'm applying this script separately to
      each maint branch. This is the 0.4.1 version.)
      79ff2b6a
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · cc397449
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      cc397449
    • Nick Mathewson's avatar
      include compat_compiler for ed25519_donna · 37b8324e
      Nick Mathewson authored
      37b8324e
  4. 10 Feb, 2020 1 commit
  5. 28 Jan, 2020 1 commit
  6. 09 Jan, 2020 3 commits
  7. 12 Dec, 2019 1 commit
  8. 21 Nov, 2019 1 commit
  9. 07 Nov, 2019 1 commit
    • Nick Mathewson's avatar
      Make all our struct names end with "_t". · 4845ab53
      Nick Mathewson authored
      This is an automated commit, generated by this command:
      
      ./scripts/maint/rename_c_identifier.py \
              address_ttl_s address_ttl_t \
              aes_cnt_cipher aes_cnt_cipher_t \
              authchallenge_data_s authchallenge_data_t \
              authenticate_data_s authenticate_data_t \
              cached_bw_event_s cached_bw_event_t \
              cbuf cbuf_t \
              cell_ewma_s cell_ewma_t \
              certs_data_s certs_data_t \
              channel_idmap_entry_s channel_idmap_entry_t \
              channel_listener_s channel_listener_t \
              channel_s channel_t \
              channel_tls_s channel_tls_t \
              circuit_build_times_s circuit_build_times_t \
              circuit_muxinfo_s circuit_muxinfo_t \
              circuitmux_policy_circ_data_s circuitmux_policy_circ_data_t \
              circuitmux_policy_data_s circuitmux_policy_data_t \
              circuitmux_policy_s circuitmux_policy_t \
              circuitmux_s circuitmux_t \
              coord coord_t \
              cpuworker_job_u cpuworker_job_u_t \
              cv_testinfo_s cv_testinfo_t \
              ddmap_entry_s ddmap_entry_t \
              dircollator_s dircollator_t \
              dist_ops dist_ops_t \
              ecdh_work_s ecdh_work_t \
              ewma_policy_circ_data_s ewma_policy_circ_data_t \
              ewma_policy_data_s ewma_policy_data_t \
              fp_pair_map_entry_s fp_pair_map_entry_t \
              fp_pair_map_s fp_pair_map_t \
              guard_selection_s guard_selection_t \
              mbw_cache_entry_s mbw_cache_entry_t \
              outbuf_table_ent_s outbuf_table_ent_t \
              queued_event_s queued_event_t \
              replyqueue_s replyqueue_t \
              rsa_work_s rsa_work_t \
              sandbox_cfg_elem sandbox_cfg_elem_t \
              scheduler_s scheduler_t \
              smp_param smp_param_t \
              socket_table_ent_s socket_table_ent_t \
              state_s state_t \
              threadpool_s threadpool_t \
              timeout_cb timeout_cb_t \
              tor_libevent_cfg tor_libevent_cfg_t \
              tor_threadlocal_s tor_threadlocal_t \
              url_table_ent_s url_table_ent_t \
              worker_state_s worker_state_t \
              workerthread_s workerthread_t \
              workqueue_entry_s workqueue_entry_t
      4845ab53
  10. 05 Sep, 2019 1 commit
  11. 28 Jun, 2019 1 commit
    • Nick Mathewson's avatar
      Coverity: different implementation for csiphash · f55598f8
      Nick Mathewson authored
      Coverity has had trouble figuring out our csiphash implementation,
      and has given spurious warnings about its behavior.
      
      This patch changes the csiphash implementation when coverity is in
      use, so that coverity can figure out that we are not about to read
      beyond the provided input.
      
      Closes ticket 31025.
      f55598f8
  12. 11 Jun, 2019 1 commit
  13. 15 May, 2019 1 commit
  14. 10 Apr, 2019 1 commit
    • Tobias Stoeckmann's avatar
      Prevent double free on huge files with 32 bit. · 9ce0bdd2
      Tobias Stoeckmann authored
      The function compat_getdelim_ is used for tor_getline if tor is compiled
      on a system that lacks getline and getdelim. These systems should be
      very rare, considering that getdelim is POSIX.
      
      If this system is further a 32 bit architecture, it is possible to
      trigger a double free with huge files.
      
      If bufsiz has been already increased to 2 GB, the next chunk would
      be 4 GB in size, which wraps around to 0 due to 32 bit limitations.
      
      A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);"
      which therefore could return NULL. The code in question considers
      that an error, but will keep the value of *buf pointing to already
      freed memory.
      
      The caller of tor_getline() would free the pointer again, therefore
      leading to a double free.
      
      This code can only be triggered in dirserv_read_measured_bandwidths
      with a huge measured bandwith list file on a system that actually
      allows to reach 2 GB of space through realloc.
      
      It is not possible to trigger this on Linux with glibc or other major
      *BSD systems even on unit tests, because these systems cannot reach
      so much memory due to memory fragmentation.
      
      This patch is effectively based on the penetration test report of
      cure53 for curl available at https://cure53.de/pentest-report_curl.pdf
      and explained under section "CRL-01-007 Double-free in aprintf() via
      unsafe size_t multiplication (Medium)".
      9ce0bdd2
  15. 28 Mar, 2019 1 commit
  16. 17 Jan, 2019 1 commit
  17. 16 Jan, 2019 2 commits
  18. 09 Jan, 2019 1 commit
    • Kris Katterjohn's avatar
      Fix (and make consistent) the use of OpenBSD preprocessor macro tests · c13a81f7
      Kris Katterjohn authored and Nick Mathewson's avatar Nick Mathewson committed
      Prior to this commit, the testsuite was failing on OpenBSD.  After
      this commit the testsuite runs fine on OpenBSD.
      
      It was previously decided to test for the OpenBSD macro (rather than
      __OpenBSD__, etc.) because OpenBSD forks seem to have the former
      macro defined.  sys/param.h must be included for the OpenBSD macro
      definition; however, many files tested for the OpenBSD macro without
      having this header included.
      
      This commit includes sys/param.h in the files where the OpenBSD macro
      is used (and sys/param.h is not already included), and it also
      changes some instances of the __OpenBSD__ macro to OpenBSD.
      
      See commit 27df23ab
      
       which changed
      everything to use OpenBSD instead of __OpenBSD__ or OPENBSD.  See
      also tickets #6982 and #20980 (the latter ticket is where it was
      decided to use the OpenBSD macro).
      Signed-off-by: default avatarKris Katterjohn <katterjohn@gmail.com>
      c13a81f7
  19. 14 Nov, 2018 2 commits
  20. 12 Sep, 2018 1 commit
  21. 11 Sep, 2018 1 commit
  22. 04 Sep, 2018 1 commit
  23. 13 Jul, 2018 2 commits
  24. 10 Jul, 2018 2 commits
  25. 29 Jun, 2018 1 commit
  26. 21 Jun, 2018 3 commits
  27. 20 Jun, 2018 1 commit