June 2015 - tor-commits - lists.torproject.org

[tor/master] Ensure signing_key is non-NULL before accessing one of its members
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit 383a27afc58b7a416fe0f30c80fdd069bc03d5d4 Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:56:05 2015 +1000 Ensure signing_key is non-NULL before accessing one of its members signing_key can be NULL in ed_key_init_from_file in routerkeys.c. Discovered by clang 3.7 address sanitizer. Fix on c03694938ed0, not in any released version of Tor. --- changes/bug16115-signing-key-NULL-check | 6 ++++++ src/or/routerkeys.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/changes/bug16115-signing-key-NULL-check b/changes/bug16115-signing-key-NULL-check new file mode 100644 index 0000000..3d4f05b --- /dev/null +++ b/changes/bug16115-signing-key-NULL-check @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Ensure signing_key is non-NULL before accessing one of its members + signing_key can be NULL in ed_key_init_from_file in routerkeys.c. + Discovered by clang 3.7 address sanitizer. + Patch by "teor". + Fix on c03694938ed0, not in any released version of Tor. diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index b17d195..e79204c 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -152,7 +152,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags, ED25519_PUBKEY_LEN)) { tor_log(severity, LD_OR, "Cert was for wrong key"); bad_cert = 1; - } else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && + } else if (signing_key && + tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 && (signing_key || cert->cert_expired)) { tor_log(severity, LD_OR, "Can't check certificate"); bad_cert = 1;

1 0

[tor/master] Check for NULL values in getinfo_helper_onions
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit 6d8a2ff24f18cc008d3c180a191f5040c7b2e2ba Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:58:28 2015 +1000 Check for NULL values in getinfo_helper_onions Fix on 915c7438a77e in Tor 0.2.7.1-alpha. --- changes/bug16115-NULL-getinfo-onions | 4 ++++ src/or/control.c | 10 +++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/changes/bug16115-NULL-getinfo-onions b/changes/bug16115-NULL-getinfo-onions new file mode 100644 index 0000000..ec1661e --- /dev/null +++ b/changes/bug16115-NULL-getinfo-onions @@ -0,0 +1,4 @@ + o Minor fixes (threads, comments): + - Check for NULL values in getinfo_helper_onions + Patch by "teor". + Fix on 915c7438a77e in Tor 0.2.7.1-alpha. diff --git a/src/or/control.c b/src/or/control.c index 2eaad4e..7a113f2 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2193,7 +2193,7 @@ getinfo_helper_onions(control_connection_t *control_conn, { smartlist_t *onion_list = NULL; - if (!strcmp(question, "onions/current")) { + if (control_conn && !strcmp(question, "onions/current")) { onion_list = control_conn->ephemeral_onion_services; } else if (!strcmp(question, "onions/detached")) { onion_list = detached_onion_services; @@ -2201,10 +2201,14 @@ getinfo_helper_onions(control_connection_t *control_conn, return 0; } if (!onion_list || smartlist_len(onion_list) == 0) { - *errmsg = "No onion services of the specified type."; + if (errmsg) { + *errmsg = "No onion services of the specified type."; + } return -1; } - *answer = smartlist_join_strings(onion_list, "\r\n", 0, NULL); + if (answer) { + *answer = smartlist_join_strings(onion_list, "\r\n", 0, NULL); + } return 0; }

1 0

[tor/master] Fix an incorrect comment on spawn_func
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit b1094fdec505088a39c94da79219d17c10baabef Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:39:34 2015 +1000 Fix an incorrect comment on spawn_func spawn_func calls pthread_create on unix, not fork Fix on existing code split out of compat.c into compat_pthreads.c in c2f0d52b7fb9 --- changes/bug16115-spawn-comment | 6 ++++++ src/common/compat_pthreads.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/changes/bug16115-spawn-comment b/changes/bug16115-spawn-comment new file mode 100644 index 0000000..7792564 --- /dev/null +++ b/changes/bug16115-spawn-comment @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Fix an incorrect comment on spawn_func in compat_pthreads.c. + spawn_func calls pthread_create on unix, not fork + Patch by "teor". + Bugfix on unknown tor version (existing code split out of + compat.c into compat_pthreads.c in c2f0d52b7fb9 on 22 Sep 2013). diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c index fdc5046..487f7e5 100644 --- a/src/common/compat_pthreads.c +++ b/src/common/compat_pthreads.c @@ -50,7 +50,8 @@ static pthread_attr_t attr_detached; static int threads_initialized = 0; /** Minimalist interface to run a void function in the background. On - * Unix calls fork, on win32 calls beginthread. Returns -1 on failure. + * Unix calls pthread_create, on win32 calls beginthread. Returns -1 on + * failure. * func should not return, but rather should call spawn_exit. * * NOTE: if <b>data</b> is used, it should not be allocated on the stack,

1 0

[tor/master] Merge remote-tracking branch 'teor/bug16115-minor-fixes'
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit 34edf17d88a5eaf7bd10aaa557ac5af5c85fa71f Merge: e8386cc 6d8a2ff Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 2 14:51:13 2015 -0400 Merge remote-tracking branch 'teor/bug16115-minor-fixes' changes/bug16115-NULL-getinfo-onions | 4 ++++ changes/bug16115-init-var | 4 ++++ changes/bug16115-signing-key-NULL-check | 6 ++++++ changes/bug16115-spawn-comment | 6 ++++++ changes/bug16115-undef-directive-in-macro | 6 ++++++ changes/bug16115-unused-find-cipher | 7 +++++++ src/common/compat_pthreads.c | 3 ++- src/common/tortls.c | 2 ++ src/or/control.c | 10 +++++++--- src/or/rendcommon.c | 2 +- src/or/routerkeys.c | 3 ++- src/test/test_util.c | 7 +++---- 12 files changed, 50 insertions(+), 10 deletions(-)

1 0

[tor/master] Silence unused variable warnings in find_cipher_by_id
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit b3f79da0d589157948262d4a5c81969da789c0c4 Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:43:46 2015 +1000 Silence unused variable warnings in find_cipher_by_id Unused variable warnings were still generated under some versions of OpenSSL. Instead, make sure all variables are used under all versions. Fix on 496df21c89d1, not in any released version of tor. --- changes/bug16115-unused-find-cipher | 7 +++++++ src/common/tortls.c | 2 ++ 2 files changed, 9 insertions(+) diff --git a/changes/bug16115-unused-find-cipher b/changes/bug16115-unused-find-cipher new file mode 100644 index 0000000..0f04d67 --- /dev/null +++ b/changes/bug16115-unused-find-cipher @@ -0,0 +1,7 @@ + o Minor fixes (threads, comments): + - Silence unused variable warnings in find_cipher_by_id + Unused variable warnings were still generated under some versions + of OpenSSL. Instead, make sure all variables are used under all + versions of OpenSSL. + Patch by "teor". + Fix on 496df21c89d1, not in any released version of tor. diff --git a/src/common/tortls.c b/src/common/tortls.c index a4b6c48..70b9f0b 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1483,6 +1483,8 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) } #endif (void) ssl; + (void) m; + (void) cipher; return 1; /* No way to search */ }

1 0

[tor/master] Remove undefined directive-in-macro in test_util_writepid
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit e0477de0e262e9009021cbd0556b7a9541d2192c Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:52:31 2015 +1000 Remove undefined directive-in-macro in test_util_writepid clang 3.7 complains that using a preprocessor directive inside a macro invocation in test_util_writepid in test_util.c is undefined. Fix on 79e85313aa61 on 0.2.7.1-alpha. --- changes/bug16115-undef-directive-in-macro | 6 ++++++ src/test/test_util.c | 7 +++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/changes/bug16115-undef-directive-in-macro b/changes/bug16115-undef-directive-in-macro new file mode 100644 index 0000000..8031267 --- /dev/null +++ b/changes/bug16115-undef-directive-in-macro @@ -0,0 +1,6 @@ + o Minor fixes (threads, comments): + - Remove undefined directive-in-macro in test_util_writepid + clang 3.7 complains that using a preprocessor directive inside + a macro invocation in test_util_writepid in test_util.c is undefined. + Patch by "teor". + Fix on 79e85313aa61 on 0.2.7.1-alpha. diff --git a/src/test/test_util.c b/src/test/test_util.c index 30dc598..b0366db 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4319,13 +4319,12 @@ test_util_writepid(void *arg) int n = sscanf(contents, "%lu\n%c", &pid, &c); tt_int_op(n, OP_EQ, 1); - tt_uint_op(pid, OP_EQ, + #ifdef _WIN32 - _getpid() + tt_uint_op(pid, OP_EQ, _getpid()); #else - getpid() + tt_uint_op(pid, OP_EQ, getpid()); #endif - ); done: tor_free(contents);

1 0

[tor/master] Always initialise return value in compute_desc_id in rendcommon.c
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit 2b73dbf2a4c2fcf42fdd2987b3fa72efdec3a222 Author: teor <teor2345(a)gmail.com> Date: Wed Jun 3 03:48:46 2015 +1000 Always initialise return value in compute_desc_id in rendcommon.c Fix on e6a581f126ba, released in 0.2.7.1-alpha. --- changes/bug16115-init-var | 4 ++++ src/or/rendcommon.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/changes/bug16115-init-var b/changes/bug16115-init-var new file mode 100644 index 0000000..e3e924a --- /dev/null +++ b/changes/bug16115-init-var @@ -0,0 +1,4 @@ + o Minor fixes (threads, comments): + - Always initialise return value in compute_desc_id in rendcommon.c + Patch by "teor". + Fix on e6a581f126ba, released in 0.2.7.1-alpha. diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index ec4353c..0acca58 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1417,7 +1417,7 @@ rend_data_dup(const rend_data_t *data) static int compute_desc_id(rend_data_t *rend_data) { - int ret; + int ret = 0; unsigned replica; time_t now = time(NULL);

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.6'
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit e8386cce1ce41b667095cd9590567204d2ab0ba0 Merge: 0030765 a68e532 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 2 14:29:37 2015 -0400 Merge remote-tracking branch 'origin/maint-0.2.6' changes/bug16244 | 7 +++++++ src/common/sandbox.c | 2 ++ src/or/main.c | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-)

1 0

[tor/master] Fix sandboxing to work when running as a relay
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit a68e5323f809056cae9fcefc06357f9646595d89 Author: Peter Palfrader <peter(a)palfrader.org> Date: Tue Jun 2 20:06:49 2015 +0200 Fix sandboxing to work when running as a relay This includes correctly allowing renaming secret_id_key and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. --- changes/bug16244 | 7 +++++++ src/common/sandbox.c | 2 ++ src/or/main.c | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/changes/bug16244 b/changes/bug16244 new file mode 100644 index 0000000..00bc557 --- /dev/null +++ b/changes/bug16244 @@ -0,0 +1,7 @@ + o Minor bugfixes (sandbox, relay): + - Fix sandboxing to work when running as a relay again. This + includes correctly allowing renaming secret_id_key and + allowing the eventfd2 and futex syscalls. + Fixes bug 16244; bugfix on 0.2.6.1-alpha. + Patch by Peter Palfrader. + diff --git a/src/common/sandbox.c b/src/common/sandbox.c index a32bd0d..cdb4521 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -129,11 +129,13 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), + SCMP_SYS(eventfd2), SCMP_SYS(fcntl), SCMP_SYS(fstat), #ifdef __NR_fstat64 SCMP_SYS(fstat64), #endif + SCMP_SYS(futex), SCMP_SYS(getdents64), SCMP_SYS(getegid), #ifdef __NR_getegid32 diff --git a/src/or/main.c b/src/or/main.c index d0fe8cb..8aa9a15 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2984,7 +2984,7 @@ sandbox_init_filter(void) // orport if (server_mode(get_options())) { - OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp"); + OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp"); OPEN_DATADIR2("keys", "secret_id_key.old");

1 0

[tor/maint-0.2.6] Fix sandboxing to work when running as a relay
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit a68e5323f809056cae9fcefc06357f9646595d89 Author: Peter Palfrader <peter(a)palfrader.org> Date: Tue Jun 2 20:06:49 2015 +0200 Fix sandboxing to work when running as a relay This includes correctly allowing renaming secret_id_key and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. --- changes/bug16244 | 7 +++++++ src/common/sandbox.c | 2 ++ src/or/main.c | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/changes/bug16244 b/changes/bug16244 new file mode 100644 index 0000000..00bc557 --- /dev/null +++ b/changes/bug16244 @@ -0,0 +1,7 @@ + o Minor bugfixes (sandbox, relay): + - Fix sandboxing to work when running as a relay again. This + includes correctly allowing renaming secret_id_key and + allowing the eventfd2 and futex syscalls. + Fixes bug 16244; bugfix on 0.2.6.1-alpha. + Patch by Peter Palfrader. + diff --git a/src/common/sandbox.c b/src/common/sandbox.c index a32bd0d..cdb4521 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -129,11 +129,13 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), + SCMP_SYS(eventfd2), SCMP_SYS(fcntl), SCMP_SYS(fstat), #ifdef __NR_fstat64 SCMP_SYS(fstat64), #endif + SCMP_SYS(futex), SCMP_SYS(getdents64), SCMP_SYS(getegid), #ifdef __NR_getegid32 diff --git a/src/or/main.c b/src/or/main.c index d0fe8cb..8aa9a15 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2984,7 +2984,7 @@ sandbox_init_filter(void) // orport if (server_mode(get_options())) { - OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp"); + OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp"); OPEN_DATADIR2("keys", "secret_id_key.old");

1 0