Closes ticket 32732.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        address_ttl_s address_ttl_t \
        aes_cnt_cipher aes_cnt_cipher_t \
        authchallenge_data_s authchallenge_data_t \
        authenticate_data_s authenticate_data_t \
        cached_bw_event_s cached_bw_event_t \
        cbuf cbuf_t \
        cell_ewma_s cell_ewma_t \
        certs_data_s certs_data_t \
        channel_idmap_entry_s channel_idmap_entry_t \
        channel_listener_s channel_listener_t \
        channel_s channel_t \
        channel_tls_s channel_tls_t \
        circuit_build_times_s circuit_build_times_t \
        circuit_muxinfo_s circuit_muxinfo_t \
        circuitmux_policy_circ_data_s circuitmux_policy_circ_data_t \
        circuitmux_policy_data_s circuitmux_policy_data_t \
        circuitmux_policy_s circuitmux_policy_t \
        circuitmux_s circuitmux_t \
        coord coord_t \
        cpuworker_job_u cpuworker_job_u_t \
        cv_testinfo_s cv_testinfo_t \
        ddmap_entry_s ddmap_entry_t \
        dircollator_s dircollator_t \
        dist_ops dist_ops_t \
        ecdh_work_s ecdh_work_t \
        ewma_policy_circ_data_s ewma_policy_circ_data_t \
        ewma_policy_data_s ewma_policy_data_t \
        fp_pair_map_entry_s fp_pair_map_entry_t \
        fp_pair_map_s fp_pair_map_t \
        guard_selection_s guard_selection_t \
        mbw_cache_entry_s mbw_cache_entry_t \
        outbuf_table_ent_s outbuf_table_ent_t \
        queued_event_s queued_event_t \
        replyqueue_s replyqueue_t \
        rsa_work_s rsa_work_t \
        sandbox_cfg_elem sandbox_cfg_elem_t \
        scheduler_s scheduler_t \
        smp_param smp_param_t \
        socket_table_ent_s socket_table_ent_t \
        state_s state_t \
        threadpool_s threadpool_t \
        timeout_cb timeout_cb_t \
        tor_libevent_cfg tor_libevent_cfg_t \
        tor_threadlocal_s tor_threadlocal_t \
        url_table_ent_s url_table_ent_t \
        worker_state_s worker_state_t \
        workerthread_s workerthread_t \
        workqueue_entry_s workqueue_entry_t

Coverity has had trouble figuring out our csiphash implementation,
and has given spurious warnings about its behavior.

This patch changes the csiphash implementation when coverity is in
use, so that coverity can figure out that we are not about to read
beyond the provided input.

Closes ticket 31025.

This is to avoid having two sendme.{c|h} in the repository since the subsystem
is implemented in src/core/or/sendme.{c|h}.

Fixes #30769

Signed-off-by: David Goulet <dgoulet@torproject.org>

The function compat_getdelim_ is used for tor_getline if tor is compiled
on a system that lacks getline and getdelim. These systems should be
very rare, considering that getdelim is POSIX.

If this system is further a 32 bit architecture, it is possible to
trigger a double free with huge files.

If bufsiz has been already increased to 2 GB, the next chunk would
be 4 GB in size, which wraps around to 0 due to 32 bit limitations.

A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);"
which therefore could return NULL. The code in question considers
that an error, but will keep the value of *buf pointing to already
freed memory.

The caller of tor_getline() would free the pointer again, therefore
leading to a double free.

This code can only be triggered in dirserv_read_measured_bandwidths
with a huge measured bandwith list file on a system that actually
allows to reach 2 GB of space through realloc.

It is not possible to trigger this on Linux with glibc or other major
*BSD systems even on unit tests, because these systems cannot reach
so much memory due to memory fragmentation.

This patch is effectively based on the penetration test report of
cure53 for curl available at https://cure53.de/pentest-report_curl.pdf
and explained under section "CRL-01-007 Double-free in aprintf() via
unsafe size_t multiplication (Medium)".

Closes ticket 28806.

Part of 28837.

Kris Katterjohn authored 6 years ago and Nick Mathewson committed 6 years ago

Prior to this commit, the testsuite was failing on OpenBSD.  After
this commit the testsuite runs fine on OpenBSD.

It was previously decided to test for the OpenBSD macro (rather than
__OpenBSD__, etc.) because OpenBSD forks seem to have the former
macro defined.  sys/param.h must be included for the OpenBSD macro
definition; however, many files tested for the OpenBSD macro without
having this header included.

This commit includes sys/param.h in the files where the OpenBSD macro
is used (and sys/param.h is not already included), and it also
changes some instances of the __OpenBSD__ macro to OpenBSD.

See commit 27df23ab which changed
everything to use OpenBSD instead of __OpenBSD__ or OPENBSD.  See
also tickets #6982 and #20980 (the latter ticket is where it was
decided to use the OpenBSD macro).

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>

Also, resolve a circular dependency involving the use of lib/log by
csiphash.c.

It's possible for a unit test to report success via its pipe, but to
fail as it tries to clean up and exit.  Notably, this happens on a
leak sanitizer failure.

Fixes bug 27658; bugfix on 0.2.2.4-alpha when tinytest was
introduced.

OSS-Fuzz's version of memorysanitizer can't tell that this value is
not going to be used unsafely.

We need this in our unit tests, since otherwise NSS will notice
we've forked and start cussing us out.

I suspect we'll need a different hack for daemonizing, but this
should be enough for tinytest to work.

See: https://bugs.torproject.org/26437

We shouldn't actually need this code nearly anywhere we build:
getdelim is POSIX, and mingw provides it.

Previously the coverage on this function was mostly accidental,
coming as it did from test_entryconn.c.  These new tests use mocking
to ensure that we actually hit the different failure and retry cases
of addressmap_get_virtual_address(), and make our test coverage a
bit more deterministic.

Closes ticket 25993.

 * FIXES part of #26024: https://bugs.torproject.org/26024

 * FIXES part of #24658: https://bugs.torproject.org/24658

 * ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658

Isis Lovecruft authored 7 years ago and Nick Mathewson committed 7 years ago

Requires the update/libc-0.2.39 branch from
https://github.com/isislovecruft/tor-rust-dependencies to be merged
first.

Included crypto_digest.h in some files in order to solve xof+digest module
dependency issues. Removed crypto.h where it isn't needed anymore.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>