1. 17 Sep, 2019 1 commit
    • Treat an unexpected constant-sized VERSIONS cell as a PROTOCOL_WARN. · 3c97ab3c
      Nick Mathewson authored
      We previously used tor_fragile_assert() to declare that this case
      could not happen: VERSIONS cells are always supposed to be
      variable-sized, right?
      This is incorrect, though.  On a v1 link protocol connection, all
      cells are fixed-sized.  There aren't supposed to be any VERSIONS
      cells with this version of the protocol, but apparently, somebody
      was messing up.  (The v1 link protocol is obsolete, so probably the
      implementer responsible didn't mean to be using it.)
      Fixes bug 31107.  Bugfix on, when we introduced a
      tor_fragile_assert() for this case.
  2. 08 Aug, 2019 1 commit
  3. 06 Aug, 2019 1 commit
    • Avoid using labs() on time_t in channeltls.c · 0849d2a2
      Nick Mathewson authored
      On some Windows builds, time_t is 64 bits but long is not.  This is
      causing AppVeyor builds to fail.
      Also, one of our uses of labs() on time_t was logically incorrect:
      it was telling us to accept NETINFO cells up to three minutes
      _before_ the message they were responding to, which doesn't make
      This patch adds a time_abs() function that we should eventually move
      to intmath.h or something.  For now, though, it will make merges
      easier to have it file-local in channeltls.c.
      Fixes bug 31343; bugfix on
  4. 16 Feb, 2018 1 commit
    • backport to make channel_is_client() accurate · 8d5dcdbd
      Roger Dingledine authored and Nick Mathewson committed
      This commit takes a piece of commit af8cadf3 and a piece of commit
      46fe353f25, with the goal of making channel_is_client() be based on what
      sort of connection handshake the other side used, rather than seeing
      whether the other side ever sent a create_fast cell to us.
  5. 31 Jan, 2018 1 commit
  6. 18 Oct, 2016 1 commit
  7. 06 Sep, 2016 1 commit
    • checkSpace.pl now forbids more identifiers. · 5927ed8d
      Nick Mathewson authored
      The functions it warns about are:
        assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
        strdup, strndup, calloc.
      Also, fix a few lingering instances of these in the code. Use other
      conventions to indicate _intended_ use of assert and
  8. 02 Aug, 2016 1 commit
  9. 28 Jul, 2016 1 commit
  10. 11 Jun, 2016 4 commits
    • Add -Wmissing-variable-declarations, with attendant fixes · 53a3b39d
      Nick Mathewson authored
      This is a big-ish patch, but it's very straightforward.  Under this
      clang warning, we're not actually allowed to have a global variable
      without a previous extern declaration for it.  The cases where we
      violated this rule fall into three roughly equal groups:
        * Stuff that should have been static.
        * Stuff that was global but where the extern was local to some
          other C file.
        * Stuff that was only global when built for the unit tests, that
          needed a conditional extern in the headers.
      The first two were IMO genuine problems; the last is a wart of how
      we build tests.
    • Resolve some warnings from OSX clang. · c3adbf75
      Nick Mathewson authored
    • Use -Wdouble-promotion in GCC >= 4.6 · 8f2d2933
      Nick Mathewson authored
      This warning triggers on silently promoting a float to a double.  In
      our code, it's just a sign that somebody used a float by mistake,
      since we always prefer double.
    • Enable -Wnull-dereference (GCC >=6.1), and fix the easy cases · 4f8086fb
      Nick Mathewson authored
      This warning, IIUC, means that the compiler doesn't like it when it
      sees a NULL check _after_ we've already dereferenced the
      variable. In such cases, it considers itself free to eliminate the
      NULL check.
      There are a couple of tricky cases:
      One was the case related to the fact that tor_addr_to_in6() can
      return NULL if it gets a non-AF_INET6 address.  The fix was to
      create a variant which asserts on the address type, and never
      returns NULL.
  11. 28 Mar, 2016 1 commit
  12. 21 Mar, 2016 1 commit
  13. 27 Feb, 2016 2 commits
  14. 10 Feb, 2016 2 commits
    • Whitespace fixes · a8d69895
      Nick Mathewson authored
    • Rename crypto_digest_all, and digests_t. · 8a4bba06
      Nick Mathewson authored
      They are no longer "all" digests, but only the "common" digests.
      Part of 17795.
      This is an automated patch I made with a couple of perl one-liners:
        perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
        perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
  15. 11 Dec, 2015 1 commit
  16. 01 Jun, 2015 1 commit
  17. 28 May, 2015 3 commits
  18. 10 Mar, 2015 1 commit
  19. 24 Feb, 2015 1 commit
  20. 02 Jan, 2015 1 commit
  21. 21 Dec, 2014 2 commits
  22. 28 Nov, 2014 1 commit
  23. 30 Oct, 2014 1 commit
    • Silence spurious clang warnings · 13298d90
      teor authored
      Silence clang warnings under --enable-expensive-hardening, including:
        + implicit truncation of 64 bit values to 32 bit;
        + const char assignment to self;
        + tautological compare; and
        + additional parentheses around equality tests. (gcc uses these to
          silence assignment, so clang warns when they're present in an
          equality test. But we need to use extra parentheses in macros to
          isolate them from other code).
  24. 28 Oct, 2014 1 commit
  25. 01 Oct, 2014 4 commits
  26. 05 Sep, 2014 1 commit
  27. 11 Jun, 2014 1 commit
    • Give each or_connection_t a slightly randomized idle_timeout · 463f6628
      Nick Mathewson authored
      Instead of killing an or_connection_t that has had no circuits for
      the last 3 minutes, give every or_connection_t a randomized timeout,
      so that an observer can't so easily infer from the connection close
      time the time at which its last circuit closed.
      Also, increase the base timeout for canonical connections from 3
      minutes to 15 minutes.
      Fix for ticket 6799.
  28. 08 Apr, 2014 1 commit
    • Fix undefined behavior with pointer addition in channeltls.c · 092ac26e
      Nick Mathewson authored
      In C, it's a bad idea to do this:
         char *cp = array;
         char *end = array + array_len;
         /* .... */
         if (cp + 3 >= end) { /* out of bounds */ }
      because cp+3 might be more than one off the end of the array, and
      you are only allowed to construct pointers to the array elements,
      and to an element one past the end.  Instead you have to say
         if (cp - array + 3 >= array_len) { /* ... */ }
      or something like that.
      This patch fixes two of these: one in process_versions_cell
      introduced in, and one in process_certs_cell
      introduced in  These are both tracked under bug
      10363. "bobnomnom" found and reported both. See also 10313.
      In our code, this is likely to be a problem as we used it only if we
      get a nasty allocator that makes allocations end close to (void*)-1.
      But it's best not to have to worry about such things at all, so
      let's just fix all of these we can find.
  29. 08 Feb, 2014 1 commit
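
The bounds-check idiom recommended in commit 092ac26e, applied to a small cell-style parser. This is an added example, not code from Tor or from the commit: the record layout (one type byte, a two-byte big-endian length, then the body), the function name count_records and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Tor's code. Assumed record layout:
 * 1 type byte, 2-byte big-endian body length, then the body. */

/* Count the well-formed records in buf[0..len); return -1 if truncated.
 * Every bounds check compares integer sizes, so no pointer past
 * buf + len is ever constructed. */
int count_records(const uint8_t *buf, size_t len)
{
  size_t off = 0;
  int n = 0;
  while (off < len) {
    /* off < len here, so len - off cannot underflow. */
    if (len - off < 3)
      return -1;                     /* header cut short */
    size_t body_len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
    off += 3;                        /* still <= len */
    /* Compare with the bytes remaining instead of forming
     * off + body_len or buf + off + body_len first. */
    if (body_len > len - off)
      return -1;                     /* body runs past the end */
    off += body_len;
    n++;
  }
  return n;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[] =
  { 0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00 };
static const uint8_t SAMPLE_SHORT_HEADER[] =
  { 0x01, 0x00, 0x01, 0xAA, 0x02, 0x00 };
static const uint8_t SAMPLE_LONG_BODY[] = { 0x01, 0xFF, 0xFF, 0xAA };

int main(void)
{
  printf("%d\n", count_records(SAMPLE_OK, sizeof SAMPLE_OK));
  printf("%d\n", count_records(SAMPLE_SHORT_HEADER,
                               sizeof SAMPLE_SHORT_HEADER));
  printf("%d\n", count_records(SAMPLE_LONG_BODY, sizeof SAMPLE_LONG_BODY));
  return 0;
}
```

The attacker-controlled length field is only ever compared against the number of bytes remaining, so a claimed body length of 0xFFFF on a four-byte buffer is rejected without any out-of-range pointer or offset being computed.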