August 2014 - tor-commits - lists.torproject.org

[tor/master] Add reallocarray clone so we can stop doing multiply-then-reallocate
by nickm＠torproject.org 13 Aug '14

13 Aug '14

commit 19b137bc05d7414e478945c61f41409aa886462b Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Aug 13 10:27:13 2014 -0400 Add reallocarray clone so we can stop doing multiply-then-reallocate --- src/common/util.c | 14 ++++++++++++++ src/common/util.h | 3 +++ 2 files changed, 17 insertions(+) diff --git a/src/common/util.c b/src/common/util.c index 8589344..9473251 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -244,6 +244,20 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS) return result; } +/** + * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes. Check for + * overflow. Unlike other allocation functions, return NULL on overflow. + */ +void * +tor_reallocarray_(void *ptr, size_t sz1, size_t sz2 DMALLOC_PARAMS) +{ + /* XXXX we can make this return 0, but we would need to check all the + * reallocarray users. */ + tor_assert(sz2 == 0 || sz1 < SIZE_T_CEILING / sz2); + + return tor_realloc(ptr, (sz1 * sz2) DMALLOC_FN_ARGS); +} + /** Return a newly allocated copy of the NUL-terminated string s. On * error, log and terminate. (Like strdup(s), but never returns * NULL.) diff --git a/src/common/util.h b/src/common/util.h index 97367a9..61bb05f 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -79,6 +79,7 @@ void *tor_malloc_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; void *tor_malloc_zero_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; void *tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS) ATTR_MALLOC; void *tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS); +void *tor_reallocarray_(void *ptr, size_t size1, size_t size2 DMALLOC_PARAMS); char *tor_strdup_(const char *s DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1)); char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1)); @@ -116,6 +117,8 @@ extern int dmalloc_free(const char *file, const int line, void *pnt, #define tor_malloc_zero(size) tor_malloc_zero_(size DMALLOC_ARGS) #define tor_calloc(nmemb,size) tor_calloc_(nmemb, size DMALLOC_ARGS) #define tor_realloc(ptr, size) tor_realloc_(ptr, size DMALLOC_ARGS) +#define tor_reallocarray(ptr, sz1, sz2) \ + tor_reallocarray_((ptr), (sz1), (sz2) DMALLOC_ARGS) #define tor_strdup(s) tor_strdup_(s DMALLOC_ARGS) #define tor_strndup(s, n) tor_strndup_(s, n DMALLOC_ARGS) #define tor_memdup(s, n) tor_memdup_(s, n DMALLOC_ARGS)

1 0

[tor/master] Add changes file for bug12855
by nickm＠torproject.org 13 Aug '14

13 Aug '14

commit 4410f6fb83a82d4d40fe88d0c9003fdd1217c00c Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Aug 13 10:38:12 2014 -0400 Add changes file for bug12855 --- changes/bug12855 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/changes/bug12855 b/changes/bug12855 new file mode 100644 index 0000000..8d8c10d --- /dev/null +++ b/changes/bug12855 @@ -0,0 +1,5 @@ + o Code simplification and refactoring + - Use calloc and reallocarray functions in preference to + multiply-then-malloc. This makes it less likely for us to fall + victim to an integer overflow attack when allocating. Resolves + ticket 12855.

1 0

[tor/master] Add a simple coccinelle script to replace malloc->calloc
by nickm＠torproject.org 13 Aug '14

13 Aug '14

commit 5da821a8a3cfffc18f5a656852d98e69cff5dd8f Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Aug 13 10:31:31 2014 -0400 Add a simple coccinelle script to replace malloc->calloc Coccinelle is a semantic patching tool that can automatically change C code via semantic patching. This script also replaces realloc with reallocarray as appropriate. --- scripts/coccinelle/calloc.cocci | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/scripts/coccinelle/calloc.cocci b/scripts/coccinelle/calloc.cocci new file mode 100644 index 0000000..8a295eb --- /dev/null +++ b/scripts/coccinelle/calloc.cocci @@ -0,0 +1,20 @@ +// Use calloc or realloc as appropriate instead of multiply-and-alloc + +@malloc_to_calloc@ +expression a,b; +@@ +- tor_malloc(a * b) ++ tor_calloc(a, b) + +@malloc_zero_to_calloc@ +expression a, b; +@@ +- tor_malloc_zero(a * b) ++ tor_calloc(a, b) + +@realloc_to_reallocarray@ +expression a, b; +expression p; +@@ +- tor_realloc(p, a * b) ++ tor_reallocarray(p, a, b)

1 0

[tor/master] Merge remote-tracking branch 'public/use_calloc'
by nickm＠torproject.org 13 Aug '14

13 Aug '14

commit 9114346d323f3fe7c261bfcee89556bab4f88d48 Merge: 938deec 4570805 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Aug 13 15:01:04 2014 -0400 Merge remote-tracking branch 'public/use_calloc' changes/bug12855 | 5 +++++ scripts/coccinelle/calloc.cocci | 20 ++++++++++++++++++++ src/common/compat.c | 4 ++-- src/common/container.c | 5 +++-- src/common/container.h | 4 ++-- src/common/crypto.c | 4 ++-- src/common/util.c | 20 +++++++++++++++++--- src/common/util.h | 3 +++ src/or/circuitbuild.c | 2 +- src/or/circuitstats.c | 10 +++++----- src/or/config.c | 4 ++-- src/or/cpuworker.c | 2 +- src/or/dirserv.c | 12 ++++++------ src/or/dirvote.c | 36 ++++++++++++++++++------------------ src/or/geoip.c | 4 ++-- src/or/rendcommon.c | 2 +- src/or/rephist.c | 11 ++++------- src/or/routerlist.c | 12 ++++++------ src/test/test_pt.c | 2 +- src/test/test_util.c | 2 +- 20 files changed, 102 insertions(+), 62 deletions(-)

1 0

[translation/torcheck_completed] Update translations for torcheck_completed
by translation＠torproject.org 13 Aug '14

13 Aug '14

commit ce712941d6deffd23e78f7edd11ee26797af2e75 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Aug 13 18:45:18 2014 +0000 Update translations for torcheck_completed --- nn/torcheck.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nn/torcheck.po b/nn/torcheck.po index a2e60c0..5dda5fc 100644 --- a/nn/torcheck.po +++ b/nn/torcheck.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2014-08-13 18:10+0000\n" +"PO-Revision-Date: 2014-08-13 18:20+0000\n" "Last-Translator: Bjørn I. <bjorn.svindseth(a)online.no>\n" "Language-Team: Norwegian Nynorsk (http://www.transifex.com/projects/p/torproject/language/nn/)\n" "MIME-Version: 1.0\n"

1 0

[translation/torcheck] Update translations for torcheck
by translation＠torproject.org 13 Aug '14

13 Aug '14

commit 2764d0703b450f1dd859b9b454ce55d304ee9dd2 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Aug 13 18:45:14 2014 +0000 Update translations for torcheck --- nn/torcheck.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nn/torcheck.po b/nn/torcheck.po index a2e60c0..5dda5fc 100644 --- a/nn/torcheck.po +++ b/nn/torcheck.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2014-08-13 18:10+0000\n" +"PO-Revision-Date: 2014-08-13 18:20+0000\n" "Last-Translator: Bjørn I. <bjorn.svindseth(a)online.no>\n" "Language-Team: Norwegian Nynorsk (http://www.transifex.com/projects/p/torproject/language/nn/)\n" "MIME-Version: 1.0\n"

1 0

[ooni-probe/master] Add unittests for geoip database version
by art＠torproject.org 13 Aug '14

13 Aug '14

commit 22465e0ae238a6584a8549796f4dfbae21db73dc Author: Arturo Filastò <art(a)fuffa.org> Date: Thu Aug 7 18:21:11 2014 +0200 Add unittests for geoip database version --- ooni/tests/test_geoip.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ooni/tests/test_geoip.py b/ooni/tests/test_geoip.py index b801cff..da7e47f 100644 --- a/ooni/tests/test_geoip.py +++ b/ooni/tests/test_geoip.py @@ -1,10 +1,8 @@ -import os from twisted.internet import defer from twisted.trial import unittest from ooni.tests import is_internet_connected -from ooni.settings import config from ooni import geoip @@ -24,3 +22,14 @@ class TestGeoIP(unittest.TestCase): probe_ip = geoip.ProbeIP() res = yield probe_ip.lookup() assert len(res.split('.')) == 4 + + def test_geoip_database_version(self): + version = geoip.database_version() + assert 'GeoIP' in version.keys() + assert 'GeoIPASNum' in version.keys() + assert 'GeoLiteCity' in version.keys() + + assert len(version['GeoIP']['sha256']) == 64 + assert isinstance(version['GeoIP']['timestamp'], float) + assert len(version['GeoIPASNum']['sha256']) == 64 + assert isinstance(version['GeoIPASNum']['timestamp'], float)

1 0

[ooni-probe/master] Add to the report the geoip database version
by art＠torproject.org 13 Aug '14

13 Aug '14

commit 60efdba2d6656a9eab085d97bcad212d6c7c3770 Author: Arturo Filastò <art(a)fuffa.org> Date: Thu Aug 7 18:21:31 2014 +0200 Add to the report the geoip database version This implements: https://trac.torproject.org/projects/tor/ticket/12771 --- ooni/geoip.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++----- ooni/nettest.py | 4 +++- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/ooni/geoip.py b/ooni/geoip.py index 53a1f70..d135595 100644 --- a/ooni/geoip.py +++ b/ooni/geoip.py @@ -2,12 +2,14 @@ import re import os import random +from hashlib import sha256 + from twisted.web import client, http_headers client._HTTP11ClientFactory.noisy = False -from twisted.internet import reactor, defer, protocol +from twisted.internet import reactor, defer -from ooni.utils import log, net, checkForRoot +from ooni.utils import log, checkForRoot from ooni import errors try: @@ -31,7 +33,7 @@ def IPToLocation(ipaddr): asn_file = os.path.join(config.advanced.geoip_data_dir, 'GeoIPASNum.dat') location = {'city': None, 'countrycode': 'ZZ', 'asn': 'AS0'} - + try: country_dat = GeoIP(country_file) location['countrycode'] = country_dat.country_code_by_addr(ipaddr) @@ -55,9 +57,50 @@ def IPToLocation(ipaddr): log.err("Could not find the ASN for your IP. " "Download the GeoIPASNum.dat file into the geoip_data_dir" " or install geoip-database-contrib.") - + return location +def database_version(): + from ooni.settings import config + + version = { + 'GeoIP': { + 'sha256': None, + 'timestamp': None, + }, + 'GeoIPASNum': { + 'sha256': None, + 'timestamp': None + }, + 'GeoLiteCity': { + 'sha256': None, + 'timestamp': None + } + } + + geoip_data_dir = config.advanced.get("geoip_data_dir") + if not geoip_data_dir: + return version + + for key in version.keys(): + geoip_file = os.path.join(geoip_data_dir, key + ".dat") + if not os.path.isfile(geoip_file): + continue + timestamp = os.stat(geoip_file).st_mtime + + sha256hash = sha256() + with open(geoip_file) as f: + while True: + chunk = f.read(8192) + if not chunk: + break + sha256hash.update(chunk) + + version[key]['timestamp'] = timestamp + version[key]['sha256'] = sha256hash.hexdigest() + return version + + class HTTPGeoIPLookupper(object): url = None @@ -131,7 +174,7 @@ class ProbeIP(object): 'countrycode': 'ZZ', 'ip': '127.0.0.1' } - + def resolveGeodata(self): from ooni.settings import config diff --git a/ooni/nettest.py b/ooni/nettest.py index eccde78..4cc453d 100644 --- a/ooni/nettest.py +++ b/ooni/nettest.py @@ -11,6 +11,7 @@ from twisted.python import usage, reflect from ooni.tasks import Measurement from ooni.utils import log, checkForRoot from ooni.settings import config +from ooni import geoip from ooni import errors as e @@ -228,7 +229,8 @@ class NetTestLoader(object): 'software_name': 'ooniprobe', 'software_version': software_version, 'options': self.options, - 'input_hashes': input_file_hashes + 'input_hashes': input_file_hashes, + 'geoip_database_version': geoip.database_version() } return test_details

1 0

[ooni-probe/master] Merge pull request #340 from TheTorProject/feature/12771
by art＠torproject.org 13 Aug '14

13 Aug '14

commit 3f68f1521b90961632d93d022c940b32d2985721 Merge: 137ddd8 60efdba Author: aagbsn <aagbsn(a)extc.org> Date: Wed Aug 13 16:35:05 2014 +0000 Merge pull request #340 from TheTorProject/feature/12771 Feature/12771 ooni/geoip.py | 53 +++++++++++++++++++++++++++++++++++++++++----- ooni/nettest.py | 4 +++- ooni/tests/test_geoip.py | 13 ++++++++++-- 3 files changed, 62 insertions(+), 8 deletions(-)

1 0

[translation/abouttor-homepage] Update translations for abouttor-homepage
by translation＠torproject.org 13 Aug '14

13 Aug '14

commit 03d877b5476b0e34d7046fe5b00cfb6ce9974b27 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Aug 13 18:15:45 2014 +0000 Update translations for abouttor-homepage --- nn/aboutTor.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nn/aboutTor.dtd b/nn/aboutTor.dtd index d804ac9..c34b086 100644 --- a/nn/aboutTor.dtd +++ b/nn/aboutTor.dtd @@ -43,6 +43,6 @@ <!ENTITY aboutTor.helpInfo5.label "Make a Donation »"> <!ENTITY aboutTor.helpInfo5.link "https://www.torproject.org/donate/donate.html.en"> -<!ENTITY aboutTor.footer.label "The Tor Project is a US 501(c)(3) non-profit dedicated to the research, development, and education of online anonymity and privacy."> +<!ENTITY aboutTor.footer.label "Tor-prosjektet er ein US 501(c)(3) frivillig organisasjon dedikert til forsking, utvikling og utdanning av nettbasert anonymitet og personvern."> <!ENTITY aboutTor.learnMore.label "Learn more about The Tor Project »"> <!ENTITY aboutTor.learnMore.link "https://www.torproject.org/about/overview.html.en">

1 0