July 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] Fix a rare memory leak in rend_cache_store
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 46297bc7bd86826fa79195f36059ce408ef45b6c Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:52:39 2011 -0400 Fix a rare memory leak in rend_cache_store When we rejected a descriptor for not being the one we wanted, we were letting the parsed descriptor go out of scope. Found by Coverity; CID # 30. Bugfix on 0.2.1.26. (No changes file yet, since this is not in any 0.2.1.x release.) --- src/or/rendcommon.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 8727a70..e0c101e 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1077,6 +1077,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published, log_warn(LD_REND, "Received service descriptor for service ID %s; " "expected descriptor for service ID %s.", query, safe_str(service_id)); + rend_service_descriptor_free(parsed); return -2; } now = time(NULL);

1 0

[tor/release-0.2.2] Use strlcpy in create_unix_sockaddr()
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 959da6b7f2b5ed63426fd12a9046ac06033f6db1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:06:54 2011 -0400 Use strlcpy in create_unix_sockaddr() Using strncpy meant that if listenaddress were ever >= sizeof(sockaddr_un.sun_path), we would fail to nul-terminate sun_path. This isn't a big deal: we never read sun_path, and the kernel is smart enough to reject the sockaddr_un if it isn't nul-terminated. Nonetheless, it's a dumb failure mode. Instead, we should reject addresses that don't fit in sockaddr_un.sun_path. Coverity found this; it's CID 428. Bugfix on 0.2.0.3-alpha. --- changes/cid_428 | 5 +++++ src/or/connection.c | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletions(-) diff --git a/changes/cid_428 b/changes/cid_428 new file mode 100644 index 0000000..cb0fc8c --- /dev/null +++ b/changes/cid_428 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Always NUL-terminate the sun_path field of a sockaddr_un before + passing it to the kernel. (Not a security issue: kernels are + smart enough to reject bad sockaddr_uns.) Found by Coverity; CID + # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/src/or/connection.c b/src/or/connection.c index 4869a24..2897fe1 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -804,7 +804,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address, sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un)); sockaddr->sun_family = AF_UNIX; - strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)); + if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)) + >= sizeof(sockaddr->sun_path)) { + log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.", + escaped(listenaddress)); + tor_free(sockaddr); + return NULL; + } if (readable_address) *readable_address = tor_strdup(listenaddress);

1 0

[tor/release-0.2.2] Add a changelog entry for cid30 fix.
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 359a30d52e01e6413a052f03b7067c40b10336d2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:46:26 2011 -0400 Add a changelog entry for cid30 fix. --- changes/memleak_rendcache | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache new file mode 100644 index 0000000..93b1f61 --- /dev/null +++ b/changes/memleak_rendcache @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a memory leak when receiving a descriptor for a hidden + service we didn't ask for. Found by Coverity; CID#30. Bugfix on + 0.2.2.26-beta.

1 0

[tor/release-0.2.2] Fix insanely large stack_allocation in log_credential_status
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit d25feadebbf05d6fce55cfee1e3c8f928903f543 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:36:33 2011 -0400 Fix insanely large stack_allocation in log_credential_status I'm not one to insist on C's miserly stack limits, but allocating a 256K array on the stack is too much even for me. Bugfix on 0.2.1.7-alpha. Found by coverity. Fixes CID # 450. --- changes/cid_450 | 5 +++++ src/common/compat.c | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/changes/cid_450 b/changes/cid_450 new file mode 100644 index 0000000..2045fca --- /dev/null +++ b/changes/cid_450 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Don't stack-allocate the list of supplementary GIDs when we're + about to log them. Stack-allocating NGROUPS_MAX gid_t elements + could take up to 256K, which is way too much stack. Found by + Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/src/common/compat.c b/src/common/compat.c index 3965108..9533c11 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1080,7 +1080,8 @@ log_credential_status(void) /* Read, effective and saved GIDs */ gid_t rgid, egid, sgid; /* Supplementary groups */ - gid_t sup_gids[NGROUPS_MAX + 1]; + gid_t *sup_gids = NULL; + int sup_gids_size; /* Number of supplementary groups */ int ngids; @@ -1126,9 +1127,19 @@ log_credential_status(void) #endif /* log supplementary groups */ - if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) { + sup_gids_size = 64; + sup_gids = tor_malloc(sizeof(gid_t) * 64); + while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 && + errno == EINVAL && + sup_gids_size < NGROUPS_MAX) { + sup_gids_size *= 2; + sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size); + } + + if (ngids < 0) { log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s", strerror(errno)); + tor_free(sup_gids); return -1; } else { int i, retval = 0; @@ -1158,6 +1169,7 @@ log_credential_status(void) tor_free(cp); }); smartlist_free(elts); + tor_free(sup_gids); return retval; }

1 0

[tor/release-0.2.2] explain that the ./publish should happen soon after the scp
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit b181985a8f98c0ba15230912f059e1fcf7c626f1 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Jun 21 00:37:18 2011 -0400 explain that the ./publish should happen soon after the scp otherwise you scp a tarball up but only one version of the website has it. --- doc/HACKING | 22 +++++++++++++--------- 1 files changed, 13 insertions(+), 9 deletions(-) diff --git a/doc/HACKING b/doc/HACKING index 7ff9c5f..feeb05d 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -456,7 +456,6 @@ interesting and understandable. 2.7) Run it through fmt to make it pretty. - 3) Compose a short release blurb to highlight the user-facing changes. Insert said release blurb into the ChangeLog stanza. If it's a stable release, add it to the ReleaseNotes file too. If we're adding @@ -472,15 +471,19 @@ or somebody to try building it on Windows. 6) Get at least two of weasel/arma/karsten to put the new version number in their approved versions list. -7) Sign and push the tarball to the website in the dist/ directory. Sign -and push the git tag. - (That's either "git tag -u <keyid> tor-0.2.x.y-status", then - "git push origin tag tor-0.2.x.y-status". To sign the - tarball, "gpg -ba <the_tarball>". Put the files in - /srv/www-master.torproject.org/htdocs/dist/ on vescum.) +7) Sign the tarball, then sign and push the git tag: + gpg -ba <the_tarball> + git tag -u <keyid> tor-0.2.x.y-status + git push origin tag tor-0.2.x.y-status + +8) scp the tarball and its sig to the website in the dist/ directory +(i.e. /srv/www-master.torproject.org/htdocs/dist/ on vescum). Edit +include/versions.wmi to note the new version. From your website checkout, +run ./publish to build and publish the website. -8) Edit include/versions.wmi to note the new version. From your website -checkout, run ./publish to build and publish the website. +Try not to delay too much between scp'ing the tarball and running +./publish -- the website has multiple A records and your scp only sent +it to one of them. 9) Email Erinn and weasel (cc'ing tor-assistants) that a new tarball is up. This step should probably change to mailing more packagers. @@ -498,3 +501,4 @@ changelog to tor-talk or tor-announce. (We might be moving to faster announcements, but don't announce until the website is at least updated.) +

1 0

[tor/release-0.2.2] Fix comment typo
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 8a55da57ed17dfb9cefe3193cbda53a15547630e Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Jun 19 01:25:51 2011 -0700 Fix comment typo --- src/test/tinytest_demo.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/test/tinytest_demo.c b/src/test/tinytest_demo.c index bd33cc3..4d2f588 100644 --- a/src/test/tinytest_demo.c +++ b/src/test/tinytest_demo.c @@ -39,7 +39,7 @@ /* ============================================================ */ /* First, let's see if strcmp is working. (All your test cases should be - * functions declared to take a single void * as) an argument. */ + * functions declared to take a single void * as an argument.) */ void test_strcmp(void *data) {

1 0

[arm/master] Torrc generation from the wizard input
by atagar＠torproject.org 05 Jul '11

05 Jul '11

commit b888d3657c85beed4c63d1db4e3df06f4ffeef3d Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Jul 4 22:45:19 2011 -0700 Torrc generation from the wizard input This is most of the functionality needed to generate a torrc from the relay setup wizard's input (minus a few special-case fields like the exit policy and burst rate). This is done via a template that's filled in by the wizard results. The templating language just contains the simple set of control structures (if, if not, or) needed for this. --- src/cli/wizard.py | 43 +++++++++++++++- src/resources/torrcTemplate.txt | 77 ++++++++++++++++++++++++++++ src/util/torConfig.py | 106 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 224 insertions(+), 2 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 8239487..03cfb48 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -3,13 +3,18 @@ Provides user prompts for setting up a new relay. This autogenerates a torrc that's used by arm to run its own tor instance. """ +import os +import sys import functools import curses import cli.popups import cli.controller -from util import connections, enum, uiTools +from util import connections, enum, log, torConfig, uiTools + +# template used to generate the torrc +TORRC_TEMPLATE = "resources/torrcTemplate.txt" # basic configuration types we can run as RelayType = enum.Enum("RELAY", "EXIT", "BRIDGE", "CLIENT") @@ -249,7 +254,10 @@ def showWizard(): selection = promptConfigOptions(relayType, config) if selection == BACK: relayType = None - elif selection == NEXT: break # TODO: implement next screen + elif selection == NEXT: + generatedTorrc = getTorrc(relayType, config) + log.log(log.NOTICE, "Resulting torrc:\n%s" % generatedTorrc) + break # TODO: implement next screen # redraws screen to clear away the dialog we just showed cli.controller.getController().requestRedraw(True) @@ -407,6 +415,37 @@ def promptConfigOptions(relayType, config): finally: cli.popups.finalize() +def getTorrc(relayType, config): + """ + Provides the torrc generated for the given options. + """ + + pathPrefix = os.path.dirname(sys.argv[0]) + if pathPrefix and not pathPrefix.endswith("/"): + pathPrefix = pathPrefix + "/" + + templateFile = open("%s%s" % (pathPrefix, TORRC_TEMPLATE), "r") + template = templateFile.readlines() + templateFile.close() + + # generates the options the template expects + templateOptions = {} + + for key, value in config.items(): + if isinstance(value, ConfigOption): + value = value.getValue() + + templateOptions[key.upper()] = value + + #templateOptions = dict([(key.upper(), config[key].getValue()) for key in config]) + templateOptions[relayType.upper()] = True + templateOptions["LOW_PORTS"] = config[Options.LOWPORTS] + #templateOptions["BURST"] = config[Options.BANDWIDTH] * 2 # TODO: implement + templateOptions["NOTICE_PATH"] = "/path/to/.arm/exit-notice.html" # TODO: actually prepend the right prefix + templateOptions["EXIT_POLICY"] = "" # TODO: fill in configured policy + + return torConfig.renderTorrc(template, templateOptions) + def _splitStr(msg, width): """ Splits a string into substrings of a given length. diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt new file mode 100644 index 0000000..bb4dccd --- /dev/null +++ b/src/resources/torrcTemplate.txt @@ -0,0 +1,77 @@ +# This is a tor configuration made by arm. To change the configuration by hand +# edit this file then either... +# - tell arm to reset tor by pressing 'x' +# - run 'pkill -sighup tor' +# - restart tor +# +# Descriptions of all of these configuraiton attibutes (and many more) are +# available in the tor man page. +[NEWLINE] +ControlPort 9052 # port controllers can connect to +CookieAuthentication 1 # method for controller authentication + +[IF RELAY | EXIT | BRIDGE] + RunAsDaemon 1 # runs as a background process +[END IF] +[NEWLINE] + +[IF RELAY | EXIT | BRIDGE] + [IF LOWPORTS] + ORPort 443 # port used for relaying traffic + [ELSE] + ORPort 9001 # port used for relaying traffic + [END IF] + + [IF RELAY | EXIT] + [IF LOWPORTS] + DirPort 80 # port used for mirroring directory information + [ELSE] + DirPort 9030 # port used for mirroring directory information + [END IF] + + Nickname [NICKNAME] # name for this relay + ContactInfo [CONTACT] # contact information in case there's an issue + [END IF] + + [IF BRIDGE] + BridgeRelay 1 # makes us a bridge rather than a public relay + + [IF DISTRIBUTE] + # TODO: drop this? + PublishServerDescriptor bridge # publishes to users looking for bridges + [ELSE] + PublishServerDescriptor 0 # keeps our bridge descriptor private + [END IF] + [END IF] + + RelayBandwidthRate [BANDWIDTH] # limit for the bandwidth we'll use to relay + RelayBandwidthBurst [BURST] # maximum rate when relaying bursts of traffic + AccountingMax [LIMIT] # maximum amount of traffic we'll relay per month + + [IF NOT CLIENT] + SocksPort 0 # prevents tor from being used as a client + [END IF] + + [IF PORTFORWARD] + PortForwarding 1 # negotiates UPnP and NAT-PMP if needed + [END IF] + + [IF RELAY | BRIDGE] + ExitPolicy reject *:* # prevents us from connecting to non-relays + [ELSE] + [IF NOTICE] + DirPortFrontPage [NOTICE_PATH] # disclaimer saying that this is an exit + [END IF] + + [EXIT_POLICY] + [END IF] +[ELSE] + ClientOnly 1 # prevents us from ever being used as a relay + MaxCircuitDirtiness [REUSE] # duration that circuits can be reused + + [IF BRIDGED] + UseBridges 1 # uses the following bridges to connect + [BRIDGES] + [END IF] +[END IF] + diff --git a/src/util/torConfig.py b/src/util/torConfig.py index a63eddb..e5f1cb2 100644 --- a/src/util/torConfig.py +++ b/src/util/torConfig.py @@ -845,3 +845,109 @@ def _testConfigDescriptions(): print "\"%s\"" % description if i != len(sortedOptions) - 1: print "-" * 80 +def renderTorrc(template, options, commentIndent = 30): + """ + Uses the given template to generate a nicely formatted torrc with the given + options. The tempating language this recognizes is a simple one, recognizing + the following options: + [IF <option>] # if <option> maps to true or a non-empty string + [IF NOT <option>] # logical inverse + [IF <opt1> | <opt2>] # logical or of the options + [ELSE] # if the prior conditional evaluated to false + [END IF] # ends the control block + + [<option>] # inputs the option value, omitting the line if it maps + # to a boolean or empty string + [NEWLINE] # empty line, otherwise templating white space is ignored + + Arguments: + template - torrc template lines used to generate the results + options - mapping of keywords to their given values, with values + being booleans or strings (possibly multi-line) + commentIndent - minimum column that comments align on + """ + + results = [] + templateIter = iter(template) + commentLineFormat = "%%-%is%%s" % commentIndent + + try: + while True: + line = templateIter.next().strip() + + if line.startswith("[IF ") and line.endswith("]"): + # checks if any of the conditional options are true or a non-empty string + evaluatesTrue = False + for cond in line[4:-1].split("|"): + isInverse = False + if cond.startswith("NOT "): + isInverse = True + cond = cond[4:] + + if isInverse != bool(options.get(cond.strip())): + evaluatesTrue = True + break + + if evaluatesTrue: + continue + else: + # skips lines until we come to an else or the end of the block + depth = 0 + + while depth != -1: + line = templateIter.next().strip() + + if line.startswith("[IF ") and line.endswith("]"): depth += 1 + elif line == "[END IF]": depth -= 1 + elif depth == 0 and line == "[ELSE]": depth -= 1 + elif line == "[ELSE]": + # an else block we aren't using - skip to the end of it + depth = 0 + + while depth != -1: + line = templateIter.next().strip() + + if line.startswith("[IF "): depth += 1 + elif line == "[END IF]": depth -= 1 + elif line == "[NEWLINE]": + # explicit newline + results.append("") + elif line.startswith("#"): + # comment only + results.append(line) + elif line.startswith("[") and line.endswith("]"): + # completely dynamic entry + optValue = options.get(line[1:-1]) + if optValue: results.append(optValue) + else: + # torrc option line + option, arg, comment = "", "", "" + parsedLine = line + + if "#" in parsedLine: + parsedLine, comment = parsedLine.split("#", 1) + parsedLine = parsedLine.strip() + comment = "# %s" % comment.strip() + + # parses the argument from the option + if " " in parsedLine: + option, arg = parsedLine.split(" ", 1) + option = option.strip() + else: + log.log(log.INFO, "torrc template option lacks an argument: '%s'" % line) + continue + + # inputs dynamic arguments + if arg.startswith("[") and arg.endswith("]"): + arg = options.get(arg[1:-1]) + + # skips argument if it's false or an empty string + if not arg: continue + + torrcEntry = "%s %s" % (option, arg) + if comment: results.append(commentLineFormat % (torrcEntry + " ", comment)) + else: results.append(torrcEntry) + except StopIteration: pass + + return "\n".join(results) +

1 0

[tor/master] Correct a comment
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit 53f87a89f00d075bdc81c2c468e844f3132ef953 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Fri Jun 24 15:12:45 2011 -0700 Correct a comment --- src/or/circuitlist.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 8534c38..e9cc9eb 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -866,7 +866,7 @@ circuit_unlink_all_from_or_conn(or_connection_t *conn, int reason) } /** Return a circ such that: - * - circ-\>rend_data-\>query is equal to rend_query, and + * - circ-\>rend_data-\>onion_address is equal to rend_query, and * - circ-\>purpose is equal to purpose. * * Return NULL if no such circuit exists.

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit 7295ad18d5c7ca67f6eee6d71823fc071103b795 Merge: 0be2934 335ff91 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 16:01:12 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2'

1 0

[tor/master] Merge remote-tracking branch 'rransom-tor/bug3465-022' into maint-0.2.2
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit 335ff915c7a509eb1b76e67f88c7b65d20032035 Merge: 06f0c1a 93d52f6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 15:52:11 2011 -0400 Merge remote-tracking branch 'rransom-tor/bug3465-022' into maint-0.2.2 changes/bug3465-022 | 6 ++++++ src/or/circuitbuild.c | 10 +++++----- src/or/circuitlist.c | 2 +- src/or/control.c | 3 ++- 4 files changed, 14 insertions(+), 7 deletions(-)

1 0