May 2015 - tor-commits - lists.torproject.org

[tor/master] Memory leak on error in connection_or_compute_auth_cell_body. CID 1301372
by nickm＠torproject.org 28 May '15

28 May '15

commit 5f15b0e1e25dac6143a0a3f4398d03524ec15c46 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:51:20 2015 -0400 Memory leak on error in connection_or_compute_auth_cell_body. CID 1301372 --- src/or/connection_or.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 48128d6..a967c93 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2356,7 +2356,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, const digests_t *my_digests, *their_digests; const uint8_t *my_id, *their_id, *client_id, *server_id; if (tor_tls_get_my_certs(server, &link_cert, &id_cert)) - return -1; + goto err; my_digests = tor_x509_cert_get_id_digests(id_cert); their_digests = tor_x509_cert_get_id_digests(conn->handshake_state->id_cert); @@ -2455,7 +2455,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, d, 32); if (siglen < 0) { log_warn(LD_OR, "Unable to sign AUTH1 data."); - return -1; + goto err; } auth1_setlen_sig(auth, siglen);

1 0

[tor/master] Small leak in ed_key_init_from_file. CID 1301373
by nickm＠torproject.org 28 May '15

28 May '15

commit 2c32b2848a607978cf1722fd28a4cfe35a9cfe1c Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:52:34 2015 -0400 Small leak in ed_key_init_from_file. CID 1301373 --- src/or/routerkeys.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 59169cd..91de4db 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -216,6 +216,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, tor_free(secret_fname); tor_free(public_fname); tor_free(cert_fname); + tor_free(got_tag); return keypair; }

1 0

[tor/master] Fix memory leak in test_routerkeys
by nickm＠torproject.org 28 May '15

28 May '15

commit 72714270e20e7c9017881989dc0ba12fdc655edd Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 13:00:25 2015 -0400 Fix memory leak in test_routerkeys CID 1301376 --- src/test/test_routerkeys.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c index 26f9701..f0ac9ff 100644 --- a/src/test/test_routerkeys.c +++ b/src/test/test_routerkeys.c @@ -604,6 +604,8 @@ test_routerkeys_cross_certify_tap(void *args) done: tor_free(cc); + crypto_pk_free(id_key); + crypto_pk_free(onion_key); } #define TEST(name, flags) \

1 0

[stem/master] Shorten setup.py description and drop provides clause
by atagar＠torproject.org 28 May '15

28 May '15

commit 7c0ed74d5f36bb6700344340adc37ee30aaf7fb7 Author: Damian Johnson <atagar(a)torproject.org> Date: Thu May 28 08:21:22 2015 -0700 Shorten setup.py description and drop provides clause Took a look at Sphinx's setup.py to see if we could learn anything. Not terribly much, but encouraged me to make a briefer description and looks as though the provides clause is optional. --- setup.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 4d0df77..9784441 100644 --- a/setup.py +++ b/setup.py @@ -9,13 +9,12 @@ import stem distutils.core.setup( name = 'stem', version = stem.__version__, - description = "Python controller library that allows applications to interact with Tor <https://www.torproject.org/>.", + description = 'Controller library for interacting with Tor <https://www.torproject.org/>', license = stem.__license__, author = stem.__author__, author_email = stem.__contact__, url = stem.__url__, packages = ['stem', 'stem.descriptor', 'stem.interpreter', 'stem.response', 'stem.util'], - provides = ['stem'], keywords = 'tor onion controller', scripts = ['tor-prompt'], package_data = {'stem.interpreter': ['settings.cfg'], 'stem.util': ['ports.cfg']},

1 0

[stem/master] Clarify instructions for Arch Linux
by atagar＠torproject.org 28 May '15

28 May '15

commit dd39b66ad8fd92c42c87a943e1d3f0138738175e Author: Damian Johnson <atagar(a)torproject.org> Date: Thu May 28 10:01:17 2015 -0700 Clarify instructions for Arch Linux Checked with Sjon about the commands to install on Arch Linux, so we can match our other entries. --- docs/download.rst | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/docs/download.rst b/docs/download.rst index 3047316..e032db7 100644 --- a/docs/download.rst +++ b/docs/download.rst @@ -36,15 +36,15 @@ Download * Gentoo Source: https://www.gentoo.org/main/en/name-logo.xml + * Arch Linux + Source: https://en.wikipedia.org/wiki/File:Archlinux-official-fullcolour.svg + * Slackware Source: NuoveXT (http://nuovext.pwsp.net/) Author: Alexandre Moore (http://sa-ki.deviantart.com/) License: GPL v2 File: NuoveXT/128x128/apps/slackware.png - * Arch Linux - Source: https://en.wikipedia.org/wiki/File:Archlinux-official-fullcolour.svg - * FreeBSD Source: https://en.wikipedia.org/wiki/File:Freebsd_logo.svg Author: Anton Gural @@ -90,6 +90,7 @@ Download :: + % sudo easy_install pip % sudo pip install stem * - .. image:: /_static/section/download/debian.png @@ -142,23 +143,30 @@ Download % sudo emerge stem - * - .. image:: /_static/section/download/slackware.png - :target: http://slackbuilds.org/repository/14.1/python/stem/ - - - .. image:: /_static/label/slackware.png - :target: http://slackbuilds.org/repository/14.1/python/stem/ - - Package maintained by Markus for Slackware (`instructions - <http://slackbuilds.org/howto/>`_). - * - .. image:: /_static/section/download/archlinux.png :target: https://aur.archlinux.org/packages/stem/ - .. image:: /_static/label/archlinux.png :target: https://aur.archlinux.org/packages/stem/ - Package maintained by Sjon for Arch Linux (`instructions - <https://wiki.archlinux.org/index.php/AUR#Installing_packages>`_). + Package maintained by Sjon for `Arch Linux + <https://wiki.archlinux.org/index.php/AUR#Installing_packages>`_. + + :: + + % wget https://aur.archlinux.org/packages/st/stem/stem.tar.gz + % tar -xvf stem.tar.gz + % cd stem + % makepkg --install + + * - .. image:: /_static/section/download/slackware.png + :target: http://slackbuilds.org/repository/14.1/python/stem/ + + - .. image:: /_static/label/slackware.png + :target: http://slackbuilds.org/repository/14.1/python/stem/ + + Package maintained by Markus for `Slackware + <http://slackbuilds.org/howto/>`_. * - .. image:: /_static/section/download/freebsd.png :target: http://www.freshports.org/security/py-stem/ @@ -166,8 +174,8 @@ Download - .. image:: /_static/label/freebsd.png :target: http://www.freshports.org/security/py-stem/ - Port maintained by Carlo for FreeBSD (`instructions - <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html>`_). + Port maintained by Carlo for `FreeBSD + <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html>`_. * - .. image:: /_static/section/download/git.png :target: https://gitweb.torproject.org/stem.git

1 0

[tor/master] Fix null dereference on key setup error.
by nickm＠torproject.org 28 May '15

28 May '15

commit 24a2bb08abb08e03de8ff962167179cdb4659ed2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:46:06 2015 -0400 Fix null dereference on key setup error. CID 1301369 --- src/or/routerkeys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 7b7a6d0..59169cd 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -199,7 +199,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags, goto cleanup; err: - memwipe(keypair, 0, sizeof(*keypair)); + if (keypair) + memwipe(keypair, 0, sizeof(*keypair)); tor_free(keypair); tor_cert_free(cert); if (cert_out)

1 0

[tor/master] Update trunnel code.
by nickm＠torproject.org 28 May '15

28 May '15

commit e045c3e1e8a4b455ca4e6ee4429a0b5b02382f75 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:44:52 2015 -0400 Update trunnel code. This gets the minor change in trunnel 1.4.1, which should avoid deadcode warnings from Coverity. --- src/ext/trunnel/trunnel-impl.h | 2 +- src/ext/trunnel/trunnel.c | 2 +- src/ext/trunnel/trunnel.h | 2 +- src/trunnel/ed25519_cert.c | 4 ++-- src/trunnel/ed25519_cert.h | 2 +- src/trunnel/link_handshake.c | 4 ++-- src/trunnel/link_handshake.h | 2 +- src/trunnel/pwbox.c | 2 +- src/trunnel/pwbox.h | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/ext/trunnel/trunnel-impl.h b/src/ext/trunnel/trunnel-impl.h index 8714fde..d98dc34 100644 --- a/src/ext/trunnel/trunnel-impl.h +++ b/src/ext/trunnel/trunnel-impl.h @@ -1,4 +1,4 @@ -/* trunnel-impl.h -- copied from Trunnel v1.2 +/* trunnel-impl.h -- copied from Trunnel v1.4.1 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c index 7353237..ce8db4d 100644 --- a/src/ext/trunnel/trunnel.c +++ b/src/ext/trunnel/trunnel.c @@ -1,4 +1,4 @@ -/* trunnel.c -- copied from Trunnel v1.4-pre +/* trunnel.c -- copied from Trunnel v1.4.1 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/ext/trunnel/trunnel.h b/src/ext/trunnel/trunnel.h index 22c1ed8..78da904 100644 --- a/src/ext/trunnel/trunnel.h +++ b/src/ext/trunnel/trunnel.h @@ -1,4 +1,4 @@ -/* trunnel.h -- copied from Trunnel v1.2 +/* trunnel.h -- copied from Trunnel v1.4.1 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/trunnel/ed25519_cert.c b/src/trunnel/ed25519_cert.c index 2a84e4b..6931eae 100644 --- a/src/trunnel/ed25519_cert.c +++ b/src/trunnel/ed25519_cert.c @@ -1,4 +1,4 @@ -/* ed25519_cert.c -- generated by Trunnel v1.2. +/* ed25519_cert.c -- generated by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ @@ -862,7 +862,7 @@ ed25519_cert_parse_into(ed25519_cert_t *obj, const uint8_t *input, const size_t truncated: return -2; relay_fail: - if (result >= 0) result = -1; + trunnel_assert(result < 0); return result; trunnel_alloc_failed: return -1; diff --git a/src/trunnel/ed25519_cert.h b/src/trunnel/ed25519_cert.h index 3ddf95e..7839af4 100644 --- a/src/trunnel/ed25519_cert.h +++ b/src/trunnel/ed25519_cert.h @@ -1,4 +1,4 @@ -/* ed25519_cert.h -- generated by by Trunnel v1.2. +/* ed25519_cert.h -- generated by by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/trunnel/link_handshake.c b/src/trunnel/link_handshake.c index 9630d13..f53161a 100644 --- a/src/trunnel/link_handshake.c +++ b/src/trunnel/link_handshake.c @@ -1,4 +1,4 @@ -/* link_handshake.c -- generated by Trunnel v1.4-pre. +/* link_handshake.c -- generated by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ @@ -1863,7 +1863,7 @@ certs_cell_parse_into(certs_cell_t *obj, const uint8_t *input, const size_t len_ truncated: return -2; relay_fail: - if (result >= 0) result = -1; + trunnel_assert(result < 0); return result; trunnel_alloc_failed: return -1; diff --git a/src/trunnel/link_handshake.h b/src/trunnel/link_handshake.h index 109fe8d..6da6599 100644 --- a/src/trunnel/link_handshake.h +++ b/src/trunnel/link_handshake.h @@ -1,4 +1,4 @@ -/* link_handshake.h -- generated by by Trunnel v1.4-pre. +/* link_handshake.h -- generated by by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/trunnel/pwbox.c b/src/trunnel/pwbox.c index bfea3ac..28a4f74 100644 --- a/src/trunnel/pwbox.c +++ b/src/trunnel/pwbox.c @@ -1,4 +1,4 @@ -/* pwbox.c -- generated by Trunnel v1.2. +/* pwbox.c -- generated by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ diff --git a/src/trunnel/pwbox.h b/src/trunnel/pwbox.h index 5b170eb..a6964b5 100644 --- a/src/trunnel/pwbox.h +++ b/src/trunnel/pwbox.h @@ -1,4 +1,4 @@ -/* pwbox.h -- generated by by Trunnel v1.2. +/* pwbox.h -- generated by by Trunnel v1.4.1. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */

1 0

[tor/master] Fix a bug when we fail to read a cert from a file.
by nickm＠torproject.org 28 May '15

28 May '15

commit c03694938ed0b9510d1d6b04d0e650dc64d14074 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:30:25 2015 -0400 Fix a bug when we fail to read a cert from a file. Found by coverity -- CID 1301366. --- src/or/routerkeys.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 556ab45..7b7a6d0 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -142,26 +142,24 @@ ed_key_init_from_file(const char *fname, uint32_t flags, cert = tor_cert_parse(certbuf, cert_body_len); /* If we got it, check it to the extent we can. */ - if (cert) { - int bad_cert = 0; - - if (! cert) { - tor_log(severity, LD_OR, "Cert was unparseable"); - bad_cert = 1; - } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey, - ED25519_PUBKEY_LEN)) { - tor_log(severity, LD_OR, "Cert was for wrong key"); - bad_cert = 1; - } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && - (signing_key || cert->cert_expired)) { - tor_log(severity, LD_OR, "Can't check certificate"); - bad_cert = 1; - } + int bad_cert = 0; + + if (! cert) { + tor_log(severity, LD_OR, "Cert was unparseable"); + bad_cert = 1; + } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey, + ED25519_PUBKEY_LEN)) { + tor_log(severity, LD_OR, "Cert was for wrong key"); + bad_cert = 1; + } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && + (signing_key || cert->cert_expired)) { + tor_log(severity, LD_OR, "Can't check certificate"); + bad_cert = 1; + } - if (bad_cert) { - tor_cert_free(cert); - cert = NULL; - } + if (bad_cert) { + tor_cert_free(cert); + cert = NULL; } /* If we got a cert, we're done. */

1 0

[tor/master] Avoid dereferencing null on unit test failure for link handshakes.
by nickm＠torproject.org 28 May '15

28 May '15

commit a348df6d8b049785ffaec4a56adda744a63a9581 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:41:00 2015 -0400 Avoid dereferencing null on unit test failure for link handshakes. This fixes CID 1301368 -- found by coverity --- src/test/test_link_handshake.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c index bfdd6f3..b3b6531 100644 --- a/src/test/test_link_handshake.c +++ b/src/test/test_link_handshake.c @@ -179,9 +179,11 @@ test_link_handshake_certs_ok(void *arg) tor_free(cell2); certs_cell_free(cc1); certs_cell_free(cc2); - circuitmux_free(chan1->base_.cmux); + if (chan1) + circuitmux_free(chan1->base_.cmux); tor_free(chan1); - circuitmux_free(chan2->base_.cmux); + if (chan2) + circuitmux_free(chan2->base_.cmux); tor_free(chan2); crypto_pk_free(key1); crypto_pk_free(key2);

1 0

[trunnel/master] It is not necessary to compare "result" to 0 in relay_fail
by nickm＠torproject.org 28 May '15

28 May '15

commit caeb549da47e44532a22dcb5baffaf82856db24e Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 28 12:38:47 2015 -0400 It is not necessary to compare "result" to 0 in relay_fail Instead, assert that it is less than 0. Otherwise, Coverity issues frequent complaints about dead code. --- lib/trunnel/CodeGen.py | 2 +- lib/trunnel/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/trunnel/CodeGen.py b/lib/trunnel/CodeGen.py index 5a5f070..047a078 100644 --- a/lib/trunnel/CodeGen.py +++ b/lib/trunnel/CodeGen.py @@ -2409,7 +2409,7 @@ class ParseFnGenerator(CodeGenerator): self.w(' truncated:\n return -2;\n') if 'relay_fail' in self.needLabels: self.w( - ' relay_fail:\n if (result >= 0) result = -1;\n return result;\n') + ' relay_fail:\n trunnel_assert(result < 0);\n return result;\n') if 'trunnel_alloc_failed' in self.needLabels: self.w(" trunnel_alloc_failed:\n return -1;\n") if 'fail' in self.needLabels: diff --git a/lib/trunnel/__init__.py b/lib/trunnel/__init__.py index b39d47a..e444887 100644 --- a/lib/trunnel/__init__.py +++ b/lib/trunnel/__init__.py @@ -3,4 +3,4 @@ # a package. # -__version__ = "1.4-pre" +__version__ = "1.4.1"

1 0