May 2012 - tor-commits - lists.torproject.org

[tor/maint-0.2.2] fix over-wide line from f661747370
by arma＠torproject.org 10 May '12

10 May '12

commit 436654ee9670aed5f21f571f3eae743c109a2eba Author: Roger Dingledine <arma(a)torproject.org> Date: Thu May 10 17:46:19 2012 -0400 fix over-wide line from f661747370 --- src/or/control.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 5ffe63b..c1a19ca 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2845,7 +2845,8 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len, } if (!authentication_cookie_is_set) { - connection_write_str_to_buf("515 Cookie authentication is disabled\r\n", conn); + connection_write_str_to_buf("515 Cookie authentication is disabled\r\n", + conn); connection_mark_for_close(TO_CONN(conn)); return -1; }

1 0

[tor/master] Fix O(n^2) performance when parsing a big pile of extrainfos
by arma＠torproject.org 10 May '12

10 May '12

commit 02a650786b21e4f3c255d686a3b5df875b2d66b5 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 10 17:27:16 2012 -0400 Fix O(n^2) performance when parsing a big pile of extrainfos We were doing an O(n) strlen in router_get_extrainfo_hash() for every one we tried to parse. Instead, have router_get_extrainfo_hash() take the length of the extrainfo as an argument, so that when it's called from extrainfo_parse_from_string(), it doesn't do a strlen() over the whole pile of extrainfos. --- changes/bug5828 | 3 +++ src/or/router.c | 3 ++- src/or/routerparse.c | 10 +++++----- src/or/routerparse.h | 2 +- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug5828 b/changes/bug5828 new file mode 100644 index 0000000..3a1734d --- /dev/null +++ b/changes/bug5828 @@ -0,0 +1,3 @@ + o Minor bugfixes (performance): + - Avoid O(n^2) performance characteristics when parsing a large + extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha. diff --git a/src/or/router.c b/src/or/router.c index c51bb5d..35955f3 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1655,6 +1655,7 @@ router_rebuild_descriptor(int force) ei->cache_info.signed_descriptor_len = strlen(ei->cache_info.signed_descriptor_body); router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body, + ei->cache_info.signed_descriptor_len, ei->cache_info.signed_descriptor_digest); } @@ -2359,7 +2360,7 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo, } memset(sig, 0, sizeof(sig)); - if (router_get_extrainfo_hash(s, digest) < 0 || + if (router_get_extrainfo_hash(s, strlen(s), digest) < 0 || router_append_dirobj_signature(sig, sizeof(sig), digest, DIGEST_LEN, ident_key) < 0) { log_warn(LD_BUG, "Could not append signature to extra-info " diff --git a/src/or/routerparse.c b/src/or/routerparse.c index c5ce174..781c578 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -682,12 +682,12 @@ router_get_networkstatus_v3_hash(const char *s, char *digest, ' ', alg); } -/** Set digest to the SHA-1 digest of the hash of the extrainfo - * string in s. Return 0 on success, -1 on failure. */ +/** Set digest to the SHA-1 digest of the hash of the s_len-byte + * extrainfo string at s. Return 0 on success, -1 on failure. */ int -router_get_extrainfo_hash(const char *s, char *digest) +router_get_extrainfo_hash(const char *s, size_t s_len, char *digest) { - return router_get_hash_impl(s, strlen(s), digest, "extra-info", + return router_get_hash_impl(s, s_len, digest, "extra-info", "\nrouter-signature",'\n', DIGEST_SHA1); } @@ -1643,7 +1643,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end, while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n') --end; - if (router_get_extrainfo_hash(s, digest) < 0) { + if (router_get_extrainfo_hash(s, end-s, digest) < 0) { log_warn(LD_DIR, "Couldn't compute router hash."); goto err; } diff --git a/src/or/routerparse.h b/src/or/routerparse.h index b274d21..6486a09 100644 --- a/src/or/routerparse.h +++ b/src/or/routerparse.h @@ -19,7 +19,7 @@ int router_get_networkstatus_v2_hash(const char *s, char *digest); int router_get_networkstatus_v3_hash(const char *s, char *digest, digest_algorithm_t algorithm); int router_get_networkstatus_v3_hashes(const char *s, digests_t *digests); -int router_get_extrainfo_hash(const char *s, char *digest); +int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest); #define DIROBJ_MAX_SIG_LEN 256 int router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,

1 0

[tor/release-0.2.2] fold in latest changes
by arma＠torproject.org 10 May '12

10 May '12

commit d06ea86850704084670ec864a685a5e857c3a6a6 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu May 10 16:10:56 2012 -0400 fold in latest changes --- ChangeLog | 7 +++++++ changes/bug5760 | 3 --- changes/bug5786_range | 8 -------- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd3e90e..43ce239 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,13 @@ Changes in version 0.2.2.36 - 2012-04-?? bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. o Minor bugfixes: + - Make our number-parsing functions always treat too-large values + as an error, even when those values exceed the width of the + underlying type. Previously, if the caller provided these + functions with minima or maxima set to the extreme values of the + underlying integer type, these functions would return those + values on overflow rather than treating overflow as an error. + Fixes part of bug 5786; bugfix on 0.0.9. - Older Linux kernels erroneously respond to strange nmap behavior by having accept() return successfully with a zero-length socket. When this happens, just close the connection. Previously, diff --git a/changes/bug5760 b/changes/bug5760 deleted file mode 100644 index a26407b..0000000 --- a/changes/bug5760 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes: - - End AUTHCHALLENGE error response messages with a CRLF. Fixes bug 5760; - bugfix on 0.2.3.16-alpha, and backported to maint-0.2.2 diff --git a/changes/bug5786_range b/changes/bug5786_range deleted file mode 100644 index 40ac4d2..0000000 --- a/changes/bug5786_range +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes: - - Make our number-parsing functions always treat too-large values - as an error, even when those values exceed the width of the - underlying type. Previously, if the caller provided these - functions with minima or maxima set to the extreme values of the - underlying integer type, these functions would return those - values on overflow rather than treating overflow as an error. - Fix for part of bug 5786; bugfix on Tor 0.0.9. \ No newline at end of file

1 0

[tor/release-0.2.2] Merge branch 'maint-0.2.2' into release-0.2.2
by arma＠torproject.org 10 May '12

10 May '12

commit 10d1ac3f9dda65322b5b9d17e8c7d37de238edf0 Merge: 66cd361 79c4c81 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu May 10 16:04:19 2012 -0400 Merge branch 'maint-0.2.2' into release-0.2.2 changes/bug5760 | 3 +++ changes/bug5786_range | 8 ++++++++ src/common/util.c | 7 +++++++ src/or/control.c | 10 +++++----- src/test/test_util.c | 15 +++++++++++++++ 5 files changed, 38 insertions(+), 5 deletions(-)

1 0

[tor/release-0.2.2] Add missing CRLFs to AUTHCHALLENGE failure replies
by arma＠torproject.org 10 May '12

10 May '12

commit f6617473700eb4b4ab30255e7176d774c38931cd Author: Ravi Chandra Padmala <neenaoffline(a)gmail.com> Date: Fri May 4 02:34:26 2012 +0530 Add missing CRLFs to AUTHCHALLENGE failure replies Fix #5760 --- src/or/control.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index ddfc80e..5ffe63b 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2839,13 +2839,13 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len, cp += strlen("SAFECOOKIE"); } else { connection_write_str_to_buf("513 AUTHCHALLENGE only supports SAFECOOKIE " - "authentication", conn); + "authentication\r\n", conn); connection_mark_for_close(TO_CONN(conn)); return -1; } if (!authentication_cookie_is_set) { - connection_write_str_to_buf("515 Cookie authentication is disabled", conn); + connection_write_str_to_buf("515 Cookie authentication is disabled\r\n", conn); connection_mark_for_close(TO_CONN(conn)); return -1; } @@ -2856,7 +2856,7 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len, decode_escaped_string(cp, len - (cp - body), &client_nonce, &client_nonce_len); if (newcp == NULL) { - connection_write_str_to_buf("513 Invalid quoted client nonce", + connection_write_str_to_buf("513 Invalid quoted client nonce\r\n", conn); connection_mark_for_close(TO_CONN(conn)); return -1; @@ -2870,7 +2870,7 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len, if (base16_decode(client_nonce, client_nonce_len, cp, client_nonce_encoded_len) < 0) { - connection_write_str_to_buf("513 Invalid base16 client nonce", + connection_write_str_to_buf("513 Invalid base16 client nonce\r\n", conn); connection_mark_for_close(TO_CONN(conn)); return -1; @@ -2882,7 +2882,7 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len, cp += strspn(cp, " \t\n\r"); if (*cp != '\0' || cp != body + len) { - connection_write_str_to_buf("513 Junk at end of AUTHCHALLENGE command", + connection_write_str_to_buf("513 Junk at end of AUTHCHALLENGE command\r\n", conn); connection_mark_for_close(TO_CONN(conn)); tor_free(client_nonce);

1 0

[tor/release-0.2.2] Handle out-of-range values in tor_parse_* integer functions
by arma＠torproject.org 10 May '12

10 May '12

commit 9b344628ed8f15543dc7780cc2a5cdd1b8f656cf Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 7 12:25:59 2012 -0400 Handle out-of-range values in tor_parse_* integer functions The underlying strtoX functions handle overflow by saturating and setting errno to ERANGE. If the min/max arguments to the tor_parse_* functions are equal to the minimum/maximum of the underlying type, then with the old approach, we wouldn't treat a too-large value as genuinely broken. Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor 0.0.9), which introduced these functions. --- changes/bug5786_range | 8 ++++++++ src/common/util.c | 7 +++++++ src/test/test_util.c | 15 +++++++++++++++ 3 files changed, 30 insertions(+), 0 deletions(-) diff --git a/changes/bug5786_range b/changes/bug5786_range new file mode 100644 index 0000000..40ac4d2 --- /dev/null +++ b/changes/bug5786_range @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Make our number-parsing functions always treat too-large values + as an error, even when those values exceed the width of the + underlying type. Previously, if the caller provided these + functions with minima or maxima set to the extreme values of the + underlying integer type, these functions would return those + values on overflow rather than treating overflow as an error. + Fix for part of bug 5786; bugfix on Tor 0.0.9. \ No newline at end of file diff --git a/src/common/util.c b/src/common/util.c index e3cd154..7d2fc4d 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -764,6 +764,9 @@ tor_digest256_is_zero(const char *digest) /* Helper: common code to check whether the result of a strtol or strtoul or * strtoll is correct. */ #define CHECK_STRTOX_RESULT() \ + /* Did an overflow occur? */ \ + if (errno == ERANGE) \ + goto err; \ /* Was at least one character converted? */ \ if (endptr == s) \ goto err; \ @@ -800,6 +803,7 @@ tor_parse_long(const char *s, int base, long min, long max, char *endptr; long r; + errno = 0; r = strtol(s, &endptr, base); CHECK_STRTOX_RESULT(); } @@ -812,6 +816,7 @@ tor_parse_ulong(const char *s, int base, unsigned long min, char *endptr; unsigned long r; + errno = 0; r = strtoul(s, &endptr, base); CHECK_STRTOX_RESULT(); } @@ -823,6 +828,7 @@ tor_parse_double(const char *s, double min, double max, int *ok, char **next) char *endptr; double r; + errno = 0; r = strtod(s, &endptr); CHECK_STRTOX_RESULT(); } @@ -836,6 +842,7 @@ tor_parse_uint64(const char *s, int base, uint64_t min, char *endptr; uint64_t r; + errno = 0; #ifdef HAVE_STRTOULL r = (uint64_t)strtoull(s, &endptr, base); #elif defined(MS_WINDOWS) diff --git a/src/test/test_util.c b/src/test/test_util.c index 23cd059..ee745c5 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -283,6 +283,21 @@ test_util_strmisc(void) test_assert(i == 1); } + { + /* Test tor_parse_* where we overflow/underflow the underlying type. */ + /* This string should overflow 64-bit ints. */ +#define TOOBIG "100000000000000000000000000" + test_eq(0L, tor_parse_long(TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(0L, tor_parse_long("-"TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(0UL, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(U64_LITERAL(0), tor_parse_uint64(TOOBIG, 10, + 0, UINT64_MAX, &i, NULL)); + test_eq(i, 0); + } + /* Test failing snprintf cases */ test_eq(-1, tor_snprintf(buf, 0, "Foo")); test_eq(-1, tor_snprintf(buf, 2, "Foo"));

1 0

[tor/release-0.2.2] Merge branch 'bug5786_range_022' into maint-0.2.2
by arma＠torproject.org 10 May '12

10 May '12

commit 79c4c8195a9da15dc13866dd4a706807c79dba46 Merge: 5bbf04d 9b34462 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 10 15:38:57 2012 -0400 Merge branch 'bug5786_range_022' into maint-0.2.2 changes/bug5786_range | 8 ++++++++ src/common/util.c | 7 +++++++ src/test/test_util.c | 15 +++++++++++++++ 3 files changed, 30 insertions(+), 0 deletions(-)

1 0

[tor/release-0.2.2] Add changes/bug5760
by arma＠torproject.org 10 May '12

10 May '12

commit 5bbf04dc9727de393ab1c42440124d875c79c13e Author: Ravi Chandra Padmala <neenaoffline(a)gmail.com> Date: Thu May 10 12:53:16 2012 +0530 Add changes/bug5760 --- changes/bug5760 | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/changes/bug5760 b/changes/bug5760 new file mode 100644 index 0000000..a26407b --- /dev/null +++ b/changes/bug5760 @@ -0,0 +1,3 @@ + o Major bugfixes: + - End AUTHCHALLENGE error response messages with a CRLF. Fixes bug 5760; + bugfix on 0.2.3.16-alpha, and backported to maint-0.2.2

1 0

[tor/master] Only disable cert chaining on the first TLS handshake
by nickm＠torproject.org 10 May '12

10 May '12

commit f0212197cccf461e431d6807a94ea0fdc411e179 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Apr 27 12:13:56 2012 -0400 Only disable cert chaining on the first TLS handshake If the client uses a v2 cipherlist on the renegotiation handshake, it looks as if they could fail to get a good cert chain from the server, since they server would re-disable certificate chaining. This patch makes it so the code that make the server side of the first v2 handshake special can get called only once. Fix for 4591; bugfix on 0.2.0.20-rc. --- changes/bug4591 | 6 ++++++ src/common/tortls.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/changes/bug4591 b/changes/bug4591 new file mode 100644 index 0000000..59b25a5 --- /dev/null +++ b/changes/bug4591 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - If the client fails to set a reasonable set of ciphersuites + during its v2 handshake renegotiation, allow the renegotiation + to continue nevertheless (i.e., send all the required + certificates). Fix for bug 4591; bugfix on 0.2.0.20-rc. + diff --git a/src/common/tortls.c b/src/common/tortls.c index 4c9d218..abdd411 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -965,7 +965,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) /* Now check the cipher list. */ if (tor_tls_client_is_using_v2_ciphers(ssl, ADDR(tls))) { - /*XXXX_TLS keep this from happening more than once! */ + if (tls->wasV2Handshake) + return; /* We already turned this stuff off for the first handshake; + * This is a renegotiation. */ /* Yes, we're casting away the const from ssl. This is very naughty of us. * Let's hope openssl doesn't notice! */

1 0

[tor/master] Merge remote-tracking branch 'public/bug4591'
by nickm＠torproject.org 10 May '12

10 May '12

commit 62f8e3926d62ff4aaefedfe89355f04f3a8d74fa Merge: 0b1a334 f021219 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 10 15:55:12 2012 -0400 Merge remote-tracking branch 'public/bug4591' changes/bug4591 | 6 ++++++ src/common/tortls.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-)

1 0