August 2011 - tor-commits - lists.torproject.org

[arm/master] fix: torrc validation arg doesn't need root check
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit c8de18c201814f4acfee6d64904c4c7335077846 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 13:39:38 2011 -0700 fix: torrc validation arg doesn't need root check --- src/resources/torrcOverride/override.py | 19 +++++++++++-------- 1 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py index dffa3a5..b99ae95 100755 --- a/src/resources/torrcOverride/override.py +++ b/src/resources/torrcOverride/override.py @@ -315,6 +315,17 @@ if __name__ == "__main__": print "This is a script specifically for configuring Linux" sys.exit(1) + if len(sys.argv) == 3 and sys.argv[1] == "--validate": + torrcFile = open(sys.argv[2]) + torrcContents = torrcFile.readlines() + torrcFile.close() + + isValid = isWizardGenerated(torrcContents) + if isValid: print "torrc validated" + else: print "torrc invalid" + + sys.exit(0) + # check that we're running effectively as root if os.geteuid() != 0: print "This script needs to be run as root" @@ -326,14 +337,6 @@ if __name__ == "__main__": init() elif len(sys.argv) == 2 and sys.argv[1] == "--remove": remove() - elif len(sys.argv) == 3 and sys.argv[1] == "--validate": - torrcFile = open(sys.argv[2]) - torrcContents = torrcFile.readlines() - torrcFile.close() - - isValid = isWizardGenerated(torrcContents) - if isValid: print "torrc validated" - else: print "torrc invalid" else: print HELP_MSG sys.exit(1)

1 0

[arm/master] fix: GUARD event support
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit ce2ff76cc352309ac4450d6dc9f94e1db7da4983 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Aug 3 09:01:48 2011 -0700 fix: GUARD event support The log panel wasn't receiving GUARD events, causing them to be silently dropped. Also doing better parsing for timestamp entries. --- src/cli/logPanel.py | 17 ++++++++++++++++- 1 files changed, 16 insertions(+), 1 deletions(-) diff --git a/src/cli/logPanel.py b/src/cli/logPanel.py index bb47517..f39617d 100644 --- a/src/cli/logPanel.py +++ b/src/cli/logPanel.py @@ -533,7 +533,18 @@ class TorEventObserver(TorCtl.PostEventListener): self._notify(event, ", ".join(idlistStr)) def address_mapped_event(self, event): - self._notify(event, "%s, %s -> %s" % (event.when, event.from_addr, event.to_addr)) + whenLabel, gmtExpiryLabel = "", "" + + if event.when: + whenLabel = time.strftime("%H:%M %m/%d/%Y", event.when) + + # TODO: torctl is getting an 'error' and 'gmt_expiry' attribute so display + # those when they become available + # + #if event.gmt_expiry: + # gmtExpiryLabel = time.strftime("%H:%M %m/%d/%Y", event.gmt_expiry) + + self._notify(event, "%s, %s -> %s" % (whenLabel, event.from_addr, event.to_addr)) def ns_event(self, event): # NetworkStatus params: nickname, idhash, orhash, ip, orport (int), @@ -545,6 +556,10 @@ class TorEventObserver(TorCtl.PostEventListener): msg = ", ".join(["%s (%s)" % (ns.idhex, ns.nickname) for ns in event.nslist]) self._notify(event, "Listed (%i): %s" % (len(event.nslist), msg), "magenta") + def guard_event(self, event): + msg = "%s (%s), STATUS: %s" % (event.idhex, event.nick, event.status) + self._notify(event, msg, "yellow") + def unknown_event(self, event): msg = "(%s) %s" % (event.event_name, event.event_string) self.callback(LogEntry(event.arrived_at, "UNKNOWN", msg, "red"))

1 0

[arm/master] fix: misparsing sudo version string
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit d1c16ba280d925b7b0724e8c47dca959a46c19d5 Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Aug 6 16:24:46 2011 -0700 fix: misparsing sudo version string --- src/cli/wizard.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index ff4e5cf..f0c14a8 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -417,7 +417,7 @@ def showWizard(): sudoVersionResult = sysTools.call("sudo -V") # version output looks like "Sudo version 1.7.2p7" - if len(sudoVersionResult) == 1 and sudoVersionResult.count(" ") >= 2: + if len(sudoVersionResult) == 1 and sudoVersionResult[0].count(" ") >= 2: versionNum = 0 for comp in sudoVersionResult[0].split(" ")[2].split("."):

1 0

[arm/master] fix: detecting for /var/lib/tor-arm
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit 4f88292730be74ede753b2bdc9c1fdcbb9437106 Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Aug 6 16:14:07 2011 -0700 fix: detecting for /var/lib/tor-arm The '/var/lib/tor-arm' directory lack read permissions for the user we're running as, so checking for '/var/lib/tor-arm/torrc' always fails. This is just meant to determine if we're run the 'override.py --init' prep so detecting for the directory is fine. --- src/cli/wizard.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 6d9d488..ff4e5cf 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -320,7 +320,7 @@ def showWizard(): # permissions then we aren't able to deal with the system wide tor instance. # Also drop the optoin if we aren't installed since override.py won't be at # the expected path. - if not os.path.exists(SYSTEM_DROP_PATH) or not os.path.exists(OVERRIDE_SCRIPT): + if not os.path.exists(os.path.dirname(SYSTEM_DROP_PATH)) or not os.path.exists(OVERRIDE_SCRIPT): disabledOpt.append(Options.SYSTEM) while True:

1 0

[arm/master] Merge branch 'torrc-override'
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit 5b4c2765384045de454f33f390886a56483a6979 Merge: ce2ff76 d1c16ba Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Aug 6 16:37:52 2011 -0700 Merge branch 'torrc-override' src/cli/wizard.py | 100 ++++++++- src/resources/torrcOverride/override.c | 50 +++++ src/resources/torrcOverride/override.h | 1 + src/resources/torrcOverride/override.py | 363 +++++++++++++++++++++++++++++++ src/settings.cfg | 4 + 5 files changed, 506 insertions(+), 12 deletions(-)

1 0

[tor/master] Handle storing much longer socks4 authentication data.
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit e511a3a4dd4cacd8d2cd4f076ea321f75e5dfd22 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 18:56:30 2011 -0400 Handle storing much longer socks4 authentication data. --- src/or/or.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/or.h b/src/or/or.h index e7670bb..eb271b5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2524,7 +2524,7 @@ typedef struct origin_circuit_t { char *dest_address; int session_group; unsigned nym_epoch; - uint8_t socks_username_len; + size_t socks_username_len; uint8_t socks_password_len; /* Note that the next two values are NOT NUL-terminated; see socks_username_len and socks_password_len for their lengths. */ @@ -3404,7 +3404,7 @@ struct socks_request_t { unsigned int got_auth : 1; /**< Have we received any authentication data? */ /** Number of bytes in username; 0 if username is NULL */ - uint8_t usernamelen; + size_t usernamelen; /** Number of bytes in password; 0 if password is NULL */ uint8_t passwordlen; /** The negotiated username value if any (for socks5), or the entire

1 0

[tor/master] Merge remote-tracking branch 'public/bug3683'
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit ce878874615cb1d1c1636d6706a20c77e90342a3 Merge: d690a99 413574a Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 20:21:27 2011 -0400 Merge remote-tracking branch 'public/bug3683' src/or/buffers.c | 10 ++++++- src/or/circuitlist.c | 10 ++++++- src/or/connection_edge.c | 60 ++++++++++++++++++++++++++++++++++++--------- src/or/or.h | 6 ++++- 4 files changed, 69 insertions(+), 17 deletions(-)

1 0

[tor/master] Clear socks auth fields before free
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit 413574ad388d1f5bb756e818beb5ea9837b03bc3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 19:07:33 2011 -0400 Clear socks auth fields before free --- src/or/buffers.c | 10 ++++++++-- src/or/circuitlist.c | 10 ++++++++-- src/or/connection_edge.c | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/or/buffers.c b/src/or/buffers.c index 5b9e55e..488289c 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1532,8 +1532,14 @@ socks_request_free(socks_request_t *req) { if (!req) return; - tor_free(req->username); - tor_free(req->password); + if (req->username) { + memset(req->username, 0x10, req->usernamelen); + tor_free(req->username); + } + if (req->password) { + memset(req->password, 0x04, req->passwordlen); + tor_free(req->password); + } memset(req, 0xCC, sizeof(socks_request_t)); tor_free(req); } diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 48c5afc..2222a25 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -552,8 +552,14 @@ circuit_free(circuit_t *circ) rend_data_free(ocirc->rend_data); tor_free(ocirc->dest_address); - tor_free(ocirc->socks_username); - tor_free(ocirc->socks_password); + if (ocirc->socks_username) { + memset(ocirc->socks_username, 0x12, ocirc->socks_username_len); + tor_free(ocirc->socks_username); + } + if (ocirc->socks_password) { + memset(ocirc->socks_password, 0x06, ocirc->socks_password_len); + tor_free(ocirc->socks_password); + } } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); /* Remember cell statistics for this circuit before deallocating. */ diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 83102ba..ae2dfd2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3569,8 +3569,14 @@ circuit_clear_isolation(origin_circuit_t *circ) tor_free(circ->dest_address); circ->session_group = -1; circ->nym_epoch = 0; - tor_free(circ->socks_username); - tor_free(circ->socks_password); + if (circ->socks_username) { + memset(circ->socks_username, 0x11, circ->socks_username_len); + tor_free(circ->socks_username); + } + if (circ->socks_password) { + memset(circ->socks_password, 0x05, circ->socks_password_len); + tor_free(circ->socks_password); + } circ->socks_username_len = circ->socks_password_len = 0; }

1 0

[tor/master] Treat socks_request->{username, password} as non-NUL-terminated
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit 8054e81e14e20101e355a7c58d7e5ea7ec231d96 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Aug 4 12:03:31 2011 -0400 Treat socks_request->{username,password} as non-NUL-terminated They *are* non-NUL-terminated, after all (and they have to be, since the SOCKS5 spec allows them to contain embedded NULs. But the code to implement proposal 171 was copying them with tor_strdup and comparing them with strcmp_opt. Fix for bug on 3683; bug not present in any yet-released version. --- src/or/connection_edge.c | 50 ++++++++++++++++++++++++++++++++++++--------- src/or/or.h | 4 +++ 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 8f550cf..83102ba 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3329,6 +3329,23 @@ parse_extended_hostname(char *address, int allowdotexit) return BAD_HOSTNAME; } +/** Return true iff the (possibly NULL) alen-byte chunk of memory at + * a is equal to the (possibly NULL) blen-byte chunk of memory + * at b. */ +static int +memeq_opt(const char *a, size_t alen, const char *b, size_t blen) +{ + if (a == NULL) { + return (b == NULL); + } else if (b == NULL) { + return 0; + } else if (alen != blen) { + return 0; + } else { + return tor_memeq(a, b, alen); + } +} + /** Return true iff a and b have isolation rules and fields that * make it permissible to put them on the same circuit.*/ int @@ -3336,6 +3353,8 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, const edge_connection_t *b) { const uint8_t iso = a->isolation_flags | b->isolation_flags; + const socks_request_t *a_sr = a->socks_request; + const socks_request_t *b_sr = b->socks_request; if (! a->original_dest_address) { log_warn(LD_BUG, "Reached connection_edge_streams_are_compatible without " @@ -3359,8 +3378,10 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, strcasecmp(a->original_dest_address, b->original_dest_address)) return 0; if ((iso & ISO_SOCKSAUTH) && - (strcmp_opt(a->socks_request->username, b->socks_request->username) || - strcmp_opt(a->socks_request->password, b->socks_request->password))) + (! memeq_opt(a_sr->username, a_sr->usernamelen, + b_sr->username, b_sr->usernamelen) || + ! memeq_opt(a_sr->password, a_sr->passwordlen, + b_sr->password, b_sr->passwordlen))) return 0; if ((iso & ISO_CLIENTPROTO) && (a->socks_request->listener_type != b->socks_request->listener_type || @@ -3386,6 +3407,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, const origin_circuit_t *circ) { const uint8_t iso = conn->isolation_flags; + const socks_request_t *sr = conn->socks_request; /* If circ has never been used for an isolated connection, we can * totally use it for this one. */ @@ -3421,8 +3443,10 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, strcasecmp(conn->original_dest_address, circ->dest_address)) return 0; if ((iso & ISO_SOCKSAUTH) && - (strcmp_opt(conn->socks_request->username, circ->socks_username) || - strcmp_opt(conn->socks_request->password, circ->socks_password))) + (! memeq_opt(sr->username, sr->usernamelen, + circ->socks_username, circ->socks_username_len) || + ! memeq_opt(sr->password, sr->passwordlen, + circ->socks_password, circ->socks_password_len))) return 0; if ((iso & ISO_CLIENTPROTO) && (conn->socks_request->listener_type != circ->client_proto_type || @@ -3452,6 +3476,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, origin_circuit_t *circ, int dry_run) { + const socks_request_t *sr = conn->socks_request; if (! conn->original_dest_address) { log_warn(LD_BUG, "Reached connection_update_circuit_isolation without " "having set conn->original_dest_address"); @@ -3469,10 +3494,12 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr); circ->session_group = conn->session_group; circ->nym_epoch = conn->nym_epoch; - circ->socks_username = conn->socks_request->username ? - tor_strdup(conn->socks_request->username) : NULL; - circ->socks_password = conn->socks_request->password ? - tor_strdup(conn->socks_request->password) : NULL; + circ->socks_username = sr->username ? + tor_memdup(sr->username, sr->usernamelen) : NULL; + circ->socks_password = sr->password ? + tor_memdup(sr->password, sr->passwordlen) : NULL; + circ->socks_username_len = sr->usernamelen; + circ->socks_password_len = sr->passwordlen; circ->isolation_values_set = 1; return 0; @@ -3482,8 +3509,10 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, mixed |= ISO_DESTPORT; if (strcasecmp(conn->original_dest_address, circ->dest_address)) mixed |= ISO_DESTADDR; - if (strcmp_opt(conn->socks_request->username, circ->socks_username) || - strcmp_opt(conn->socks_request->password, circ->socks_password)) + if (!memeq_opt(sr->username, sr->usernamelen, + circ->socks_username, circ->socks_username_len) || + !memeq_opt(sr->password, sr->passwordlen, + circ->socks_password, circ->socks_password_len)) mixed |= ISO_SOCKSAUTH; if ((conn->socks_request->listener_type != circ->client_proto_type || conn->socks_request->socks_version != circ->client_proto_socksver)) @@ -3542,5 +3571,6 @@ circuit_clear_isolation(origin_circuit_t *circ) circ->nym_epoch = 0; tor_free(circ->socks_username); tor_free(circ->socks_password); + circ->socks_username_len = circ->socks_password_len = 0; } diff --git a/src/or/or.h b/src/or/or.h index 150971b..e7670bb 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2524,6 +2524,10 @@ typedef struct origin_circuit_t { char *dest_address; int session_group; unsigned nym_epoch; + uint8_t socks_username_len; + uint8_t socks_password_len; + /* Note that the next two values are NOT NUL-terminated; see + socks_username_len and socks_password_len for their lengths. */ char *socks_username; char *socks_password; /**@}*/

1 0

[torouter/master] add package skel
by ioerror＠torproject.org 05 Aug '11

05 Aug '11

commit 85bbadf931c74ec5bcbad7d3a5403b59b827db50 Author: Jacob Appelbaum <jacob(a)appelbaum.net> Date: Fri Aug 5 15:46:58 2011 -0700 add package skel --- packages/torouter-takeover/README | 1 + packages/torouter-web/README | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) diff --git a/packages/torouter-takeover/README b/packages/torouter-takeover/README new file mode 100644 index 0000000..e889ed2 --- /dev/null +++ b/packages/torouter-takeover/README @@ -0,0 +1 @@ +This is where our debtakeover script will be packaged. diff --git a/packages/torouter-web/README b/packages/torouter-web/README new file mode 100644 index 0000000..0303fad --- /dev/null +++ b/packages/torouter-web/README @@ -0,0 +1 @@ +This is where the web interface for Torouter will be packaged.

1 0