Unverified Commit 20943d00 authored by teor's avatar teor
Browse files

Merge branch 'maint-0.3.5' into maint-0.4.0

parents a1d8409e d253b31c
o Minor bugfixes (circuit isolation):
- Fix a logic error that prevented the SessionGroup sub-option from
being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha.
o Major bugfixes (Onion service reachability):
- Properly clean up the introduction point map when circuits change purpose
from onion service circuits to pathbias, measurement, or other circuit types.
This should fix some service-side instances of introduction point failure.
Fixes bug 29034; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (configuration, proxies):
- Fix a bug that prevented us from supporting SOCKS5 proxies that want
authentication along with configued (but unused!)
ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.
o Major bugfixes (bridges):
- Do not count previously configured working bridges towards our total of
working bridges. Previously, when Tor's list of bridges changed, it
would think that the old bridges were still usable, and delay fetching
router descriptors for the new ones. Fixes part of bug 29875; bugfix
on 0.3.0.1-alpha.
- Consider our directory information to have changed when our list of
bridges changes. Previously, Tor would not re-compute the status of its
directory information when bridges changed, and therefore would not
realize that it was no longer able to build circuits. Fixes part of bug
29875.
o Minor bugfixes (memory leak):
- Avoid a minor memory leak that could occur on relays when
creating a keys directory failed. Fixes bug 30148; bugfix on
0.3.3.1-alpha.
o Minor bugfixes (lib):
do not log a warning for OpenSSL versions that should be compatible
Fixes bug 30190; bugfix on 0.2.4.2-alpha
o Minor bugfixes (out-of-memory handler):
- When purging the DNS cache because of an out-of-memory condition,
try purging just the older entries at first. Previously, we would
purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha.
......@@ -2382,7 +2382,8 @@ options_act(const or_options_t *old_options)
if (!bool_eq(directory_fetches_dir_info_early(options),
directory_fetches_dir_info_early(old_options)) ||
!bool_eq(directory_fetches_dir_info_later(options),
directory_fetches_dir_info_later(old_options))) {
directory_fetches_dir_info_later(old_options)) ||
!config_lines_eq(old_options->Bridges, options->Bridges)) {
/* Make sure update_router_have_minimum_dir_info() gets called. */
router_dir_info_changed();
/* We might need to download a new consensus status later or sooner than
......@@ -7071,7 +7072,7 @@ parse_port_config(smartlist_t *out,
if (!strcasecmpstart(elt, "SessionGroup=")) {
int group = (int)tor_parse_long(elt+strlen("SessionGroup="),
10, 0, INT_MAX, &ok, NULL);
if (!ok || !allow_no_stream_options) {
if (!ok || allow_no_stream_options) {
log_warn(LD_CONFIG, "Invalid %sPort option '%s'",
portname, escaped(elt));
goto err;
......
......@@ -182,7 +182,7 @@ static const char *connection_proxy_state_to_string(int state);
static int connection_read_https_proxy_response(connection_t *conn);
static void connection_send_socks5_connect(connection_t *conn);
static const char *proxy_type_to_string(int proxy_type);
static int get_proxy_type(void);
static int conn_get_proxy_type(const connection_t *conn);
const tor_addr_t *conn_get_outbound_address(sa_family_t family,
const or_options_t *options, unsigned int conn_type);
static void reenable_blocked_connection_init(const or_options_t *options);
......@@ -2282,18 +2282,27 @@ connection_proxy_state_to_string(int state)
return states[state];
}
/** Returns the global proxy type used by tor. Use this function for
* logging or high-level purposes, don't use it to fill the
/** Returns the proxy type used by tor for a single connection, for
* logging or high-level purposes. Don't use it to fill the
* <b>proxy_type</b> field of or_connection_t; use the actual proxy
* protocol instead.*/
static int
get_proxy_type(void)
conn_get_proxy_type(const connection_t *conn)
{
const or_options_t *options = get_options();
if (options->ClientTransportPlugin)
return PROXY_PLUGGABLE;
else if (options->HTTPSProxy)
if (options->ClientTransportPlugin) {
/* If we have plugins configured *and* this addr/port is a known bridge
* with a transport, then we should be PROXY_PLUGGABLE. */
const transport_t *transport = NULL;
int r;
r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
if (r == 0 && transport)
return PROXY_PLUGGABLE;
}
/* In all other cases, we're using a global proxy. */
if (options->HTTPSProxy)
return PROXY_CONNECT;
else if (options->Socks4Proxy)
return PROXY_SOCKS4;
......@@ -2380,7 +2389,7 @@ connection_proxy_connect(connection_t *conn, int type)
arguments to transmit. If we do, compress all arguments to
a single string in 'socks_args_string': */
if (get_proxy_type() == PROXY_PLUGGABLE) {
if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
socks_args_string =
pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port);
if (socks_args_string)
......@@ -2440,7 +2449,7 @@ connection_proxy_connect(connection_t *conn, int type)
Socks5ProxyUsername or if we want to pass arguments to our
pluggable transport proxy: */
if ((options->Socks5ProxyUsername) ||
(get_proxy_type() == PROXY_PLUGGABLE &&
(conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
(get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
/* number of auth methods */
buf[1] = 2;
......@@ -2633,16 +2642,16 @@ connection_read_proxy_handshake(connection_t *conn)
const char *user, *pass;
char *socks_args_string = NULL;
if (get_proxy_type() == PROXY_PLUGGABLE) {
if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
socks_args_string =
pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port);
if (!socks_args_string) {
log_warn(LD_NET, "Could not create SOCKS args string.");
log_warn(LD_NET, "Could not create SOCKS args string for PT.");
ret = -1;
break;
}
log_debug(LD_NET, "SOCKS5 arguments: %s", socks_args_string);
log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
tor_assert(strlen(socks_args_string) > 0);
tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
......
......@@ -3078,6 +3078,12 @@ circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
circ->purpose,
circuit_purpose_to_string(new_purpose),
new_purpose);
/* Take specific actions if we are repurposing a hidden service circuit. */
if (circuit_purpose_is_hidden_service(circ->purpose) &&
!circuit_purpose_is_hidden_service(new_purpose)) {
hs_circ_cleanup(circ);
}
}
old_purpose = circ->purpose;
......
......@@ -3300,6 +3300,9 @@ num_bridges_usable,(int use_maybe_reachable))
}
SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) {
/* Not a bridge, or not one we are configured to be able to use. */
if (! guard->is_filtered_guard)
continue;
/* Definitely not usable */
if (guard->is_reachable == GUARD_REACHABLE_NO)
continue;
......
......@@ -2187,7 +2187,8 @@ dns_cache_handle_oom(time_t now, size_t min_remove_bytes)
current_size -= bytes_removed;
total_bytes_removed += bytes_removed;
time_inc += 3600; /* Increase time_inc by 1 hour. */
/* Increase time_inc by a reasonable fraction. */
time_inc += (MAX_DNS_TTL_AT_EXIT / 4);
} while (total_bytes_removed < min_remove_bytes);
return total_bytes_removed;
......
......@@ -188,7 +188,7 @@ load_ed_keys(const or_options_t *options, time_t now)
/* Check/Create the key directory */
if (create_keys_directory(options) < 0)
return -1;
goto err;
char *fname;
if (options->master_key_fname) {
......
......@@ -213,6 +213,14 @@ crypto_openssl_early_init(void)
!strcmp(version_str, OPENSSL_VERSION_TEXT)) {
log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
"(%lx: %s).", version_num, version_str);
} else if ((version_num & 0xffff0000) ==
(OPENSSL_VERSION_NUMBER & 0xffff0000)) {
log_notice(LD_CRYPTO,
"We compiled with OpenSSL %lx: %s and we "
"are running with OpenSSL %lx: %s. "
"These two versions should be binary compatible.",
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
version_num, version_str);
} else {
log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
"version we're running with. If you get weird crashes, that "
......
......@@ -4569,16 +4569,14 @@ test_config_parse_port_config__ports__ports_given(void *data)
"127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
tt_int_op(ret, OP_EQ, -1);
// TODO: this seems wrong. Shouldn't it be the other way around?
// Potential bug.
// Test failure for a SessionGroup argument with valid value but with stream
// options allowed
// Test failure for a SessionGroup argument with valid value but with no
// stream options allowed
config_free_lines(config_port_invalid); config_port_invalid = NULL;
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123");
ret = parse_port_config(slout, config_port_invalid, "DNS", 0,
"127.0.0.44", 0, 0);
"127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
tt_int_op(ret, OP_EQ, -1);
// Test failure for more than one SessionGroup argument
......@@ -4588,7 +4586,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123 "
"SessionGroup=321");
ret = parse_port_config(slout, config_port_invalid, "DNS", 0,
"127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
"127.0.0.44", 0, 0);
tt_int_op(ret, OP_EQ, -1);
// Test success with a sessiongroup options
......@@ -4597,7 +4595,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
smartlist_clear(slout);
config_port_valid = mock_config_line("DNSPort", "42 SessionGroup=1111122");
ret = parse_port_config(slout, config_port_valid, "DNS", 0,
"127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
"127.0.0.44", 0, 0);
tt_int_op(ret, OP_EQ, 0);
tt_int_op(smartlist_len(slout), OP_EQ, 1);
port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment