- tor-commits - lists.torproject.org

[arm/master] fix: wasn't shutting down daemons after interrupt
by atagar＠torproject.org 01 Jul '11

01 Jul '11

commit 796b9c0feb9e325177d1b4e42c1e07c3ee748283 Author: Damian Johnson <atagar(a)torproject.org> Date: Fri Jul 1 08:51:37 2011 -0700 fix: wasn't shutting down daemons after interrupt Moving the shutdown of service daemons into finally block so it's done after keyboard interrupts (ie, ctrl+c). Otherwise shutting down this way could cause occasional stacktraces. --- src/cli/controller.py | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index e771a26..c9ab6e7 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -503,6 +503,7 @@ def startTorMonitor(startTime): curses.wrapper(drawTorMonitor, startTime) except KeyboardInterrupt: pass # skip printing stack trace in case of keyboard interrupt + finally: shutdownDaemons() def drawTorMonitor(stdscr, startTime): """ @@ -602,6 +603,4 @@ def drawTorMonitor(stdscr, startTime): for panelImpl in displayPanels: isKeystrokeConsumed = panelImpl.handleKey(key) if isKeystrokeConsumed: break - - shutdownDaemons()

1 0

[arm/master] Config options for client section of the wizard
by atagar＠torproject.org 01 Jul '11

01 Jul '11

commit 3c2d5cbad683174b22f83619aa8c5046d5544627 Author: Damian Johnson <atagar(a)torproject.org> Date: Fri Jul 1 10:16:00 2011 -0700 Config options for client section of the wizard Client config options include bridging and MaxCircuitDirtiness. It also provides a link for preconfigured tor setups: http://www.atagar.com/torUsageTips/ --- src/cli/wizard.py | 41 +++++++++++++++++++++++++++++------------ src/settings.cfg | 21 +++++++++++++++++++-- 2 files changed, 48 insertions(+), 14 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index c6186e5..79f548e 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -15,7 +15,7 @@ from util import enum, uiTools RelayType = enum.Enum("RELAY", "EXIT", "BRIDGE", "CLIENT") # all options that can be configured -Options = enum.Enum("DIVIDER", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "PORTFORWARD", "STARTUP", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE") +Options = enum.Enum("DIVIDER", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "PORTFORWARD", "STARTUP", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE", "BRIDGED", "BRIDGE1", "BRIDGE2", "BRIDGE3", "REUSE") RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CONTACT, Options.NOTIFY, @@ -46,10 +46,16 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CLIENT, Options.PORTFORWARD, Options.STARTUP - )} + ), + RelayType.CLIENT: (Options.BRIDGED, + Options.BRIDGE1, + Options.BRIDGE2, + Options.BRIDGE3, + Options.REUSE)} -# custom exit policy options +# option sets CUSTOM_POLICIES = (Options.WEBSITES, Options.EMAIL, Options.IM, Options.MISC, Options.PLAINTEXT) +BRIDGE_ENTRIES = (Options.BRIDGE1, Options.BRIDGE2, Options.BRIDGE3) # other options provided in the prompts CANCEL, NEXT, BACK = "Cancel", "Next", "Back" @@ -61,8 +67,9 @@ DISABLED_COLOR = "cyan" CONFIG = {"wizard.message.role": "", "wizard.message.relay": "", - "wizard.message.bridge": "", "wizard.message.exit": "", + "wizard.message.bridge": "", + "wizard.message.client": "", "wizard.toggle": {}, "wizard.suboptions": [], "wizard.default": {}, @@ -203,8 +210,15 @@ def showWizard(): # enables custom policies when 'custom' is selected and disables otherwise policyOpt = config[Options.POLICY] - policyOpt.setValidator(functools.partial(_exitPolicyAction, config)) - _exitPolicyAction(config, policyOpt, policyOpt.getValue()) + customPolicies = [config[opt] for opt in CUSTOM_POLICIES] + policyOpt.setValidator(functools.partial(_toggleEnabledAction, customPolicies)) + _toggleEnabledAction(customPolicies, policyOpt, policyOpt.getValue()) + + # enables bridge entries when "Use Bridges" is set and disables otherwise + useBridgeOpt = config[Options.BRIDGED] + bridgeEntries = [config[opt] for opt in BRIDGE_ENTRIES] + useBridgeOpt.setValidator(functools.partial(_toggleEnabledAction, bridgeEntries)) + _toggleEnabledAction(bridgeEntries, useBridgeOpt, useBridgeOpt.getValue()) # remembers the last selection made on the type prompt page relaySelection = RelayType.RELAY @@ -283,9 +297,6 @@ def promptConfigOptions(relayType, config): Prompts the user for the configuration of an internal relay. """ - # TODO: skipping section if it isn't ready yet - if not relayType in RelayOptions: return NEXT - topContent = _splitStr(CONFIG.get("wizard.message.%s" % relayType.lower(), ""), 54) options = [config[opt] for opt in RelayOptions[relayType]] @@ -395,11 +406,17 @@ def _splitStr(msg, width): return results -def _exitPolicyAction(config, option, value): +def _toggleEnabledAction(toggleOptions, option, value): """ Enables or disables custom exit policy options based on our selection. + + Arguments: + toggleOptions - configuration options to be toggled to match our our + selection (ie, true -> enabled, false -> disabled) + options - our config option + value - the value we're being set to """ - for opt in CUSTOM_POLICIES: - config[opt].setEnabled(not value) + for opt in toggleOptions: + opt.setEnabled(value) diff --git a/src/settings.cfg b/src/settings.cfg index f05dd71..aacec0a 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -345,25 +345,30 @@ wizard.message.role Welcome to the Tor network! This will step you through the c wizard.message.relay Internal relays provide connections within the Tor network. Since you will only be connecting to Tor users and relays this is an easy, hassle free way of helping to make the network better. wizard.message.exit Exits connect between the Tor network and the outside Internet. This is the most vitally important role you can take, but it also needs some forethought. Please read 'http://www.atagar.com/torExitTips/' before proceeding further to avoid any nasty surprises! wizard.message.bridge Bridges are non-public relays used as stepping stones for censored users for accessing the Tor network. +wizard.message.client This will make use of the Tor network without contributing to it. For easy, pre-configured setups that will help you to use Tor safely see 'http://www.atagar.com/torUsageTips/'. wizard.toggle Notify => Yes, No wizard.toggle Client => Enabled, Disabled wizard.toggle Portforward => Enabled, Disabled wizard.toggle Startup => Yes, No wizard.toggle Notice => Yes, No -wizard.toggle Policy => Default, Custom +wizard.toggle Policy => Custom, Default wizard.toggle Websites => Allow, Block wizard.toggle Email => Allow, Block wizard.toggle Im => Allow, Block wizard.toggle Misc => Allow, Block wizard.toggle Plaintext => Allow, Block wizard.toggle Distribute => Automated, Manual +wizard.toggle Bridged => Yes, No wizard.suboptions Websites wizard.suboptions Email wizard.suboptions Im wizard.suboptions Misc wizard.suboptions Plaintext +wizard.suboptions Bridge1 +wizard.suboptions Bridge2 +wizard.suboptions Bridge3 wizard.default Nickname => Unnamed wizard.default Notify => true @@ -372,13 +377,15 @@ wizard.default Startup => true wizard.default Client => false wizard.default Portforward => true wizard.default Notice => true -wizard.default Policy => true +wizard.default Policy => false wizard.default Websites => true wizard.default Email => true wizard.default Im => true wizard.default Misc => true wizard.default Plaintext => true wizard.default Distribute => true +wizard.default Bridged => false +wizard.default Reuse => 10 minutes wizard.label.general Cancel => Cancel wizard.label.general Back => Previous @@ -403,6 +410,11 @@ wizard.label.opt Im => Instant Messaging wizard.label.opt Misc => Other Services wizard.label.opt Plaintext => Unencrypted Traffic wizard.label.opt Distribute => Distribution +wizard.label.opt Bridged => Use Bridges +wizard.label.opt Bridge1 => First Bridge +wizard.label.opt Bridge2 => Second Bridge +wizard.label.opt Bridge3 => Third Bridge +wizard.label.opt Reuse => Circuit Duration wizard.description.general Cancel => Close without starting Tor. wizard.description.role Relay => Provides interconnections with other Tor relays. This is a safe and easy of making the network better. @@ -425,6 +437,11 @@ wizard.description.opt Im => Common instant messaging protocols including Jabber wizard.description.opt Misc => Protocols from the default policy that aren't among the above. wizard.description.opt Plaintext => When blocked the policy will exclude ports that aren't commonly encrypted. wizard.description.opt Distribute => If automated then we'll attempt to get your bridge to censored users (email auto-responders, activist networks, etc). Otherwise it'll be up to you to distribute the bridge address to people who need it. +wizard.description.opt Bridged => If you're being blocked from Tor then bridges provide a stepping stone you can use to connect. To get bridges visit 'https://bridges.torproject.org/' and enter the IP/port into the following entries (for instance "141.201.27.48:443"). +wizard.description.opt Bridge1 => Bridge used to connect to the Tor network. +wizard.description.opt Bridge2 => Fallback bridge used for connecting if the first is unavailable. +wizard.description.opt Bridge3 => Fallback bridge used for connecting if neither of the first two are available. +wizard.description.opt Reuse => Duration that circuits will be reused before replacements are made for new connections. It's good to periodically change the route you use, but making circuits takes a fair bit of work so don't set this to be too low. # some config options are fetched via special values torrc.map HiddenServiceDir => HiddenServiceOptions

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit 734e860d98e1874dcd92e69051806e53205ee0b0 Merge: 0b53646 06f0c1a Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:56:40 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2' changes/cid_428 | 5 +++++ changes/cid_450 | 5 +++++ changes/memleak_rendcache | 4 ++++ src/common/compat.c | 16 ++++++++++++++-- src/or/connection.c | 8 +++++++- src/or/dirserv.c | 2 +- src/or/rendcommon.c | 1 + 7 files changed, 37 insertions(+), 4 deletions(-)

1 0

[tor/master] Merge branch 'cov217_master'
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit e273890b10092b0a482204920606f3d6d0fdc4b9 Merge: 734e860 0317dc2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:57:21 2011 -0400 Merge branch 'cov217_master' changes/cov217_scanf | 5 +++++ src/common/compat_libevent.c | 4 ++-- src/or/config.c | 2 +- src/or/directory.c | 6 +++--- src/or/eventdns.c | 4 ++-- src/or/geoip.c | 4 ++-- src/or/policies.c | 14 +++++++------- src/or/relay.c | 8 ++++---- src/or/routerlist.c | 2 ++ src/or/routerparse.c | 8 ++++---- src/test/test.c | 5 ++++- 11 files changed, 36 insertions(+), 26 deletions(-)

1 0

[tor/master] Replace a "const const" with a "const"
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit da62af6f6b369592609d2da43b82abde0bbccfac Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:11:35 2011 -0400 Replace a "const const" with a "const" Looks like this squeaked in while I was doing a search-and-replace to constify things. Coverity CID 483. --- src/or/config.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index df5cc86..bb335dd 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2367,7 +2367,7 @@ options_trial_assign(config_line_t *list, int use_defaults, * Called from option_reset() and config_free(). */ static void option_clear(const config_format_t *fmt, or_options_t *options, - const const config_var_t *var) + const config_var_t *var) { void *lvalue = STRUCT_VAR_P(options, var->var_offset); (void)fmt; /* unused */

1 0

[tor/master] Defensive programming: don't crash with broken node_t
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit eca982d3eb1e715394b2c67d8f420bcbe4a8486d Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:43:34 2011 -0400 Defensive programming: don't crash with broken node_t Every node_t has either a routerinfo_t or a routerstatus_t, so every node_t *should* have a nickname. Nonetheless, let's make sure in hex_digest_nickname_matches(). Should quiet CID 434. --- src/or/routerlist.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index f711282..15f643c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2274,6 +2274,8 @@ hex_digest_nickname_matches(const char *hexdigest, const char *identity_digest, return 0; if (nn_char == '=' || nn_char == '~') { + if (!nickname) + return 0; if (strcasecmp(nn_buf, nickname)) return 0; if (nn_char == '=' && !is_named)

1 0

[tor/master] Don't shadow parameters with local variables
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit 1d18c2deb6d048a8d6f726e6c1b8ccbab4374e32 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:33:07 2011 -0400 Don't shadow parameters with local variables This is a little error-prone when the local has a different type from the parameter, and is very error-prone with both have the same type. Let's not do this. Fixes CID #437,438,439,440,441. --- src/or/directory.c | 6 +++--- src/or/eventdns.c | 4 ++-- src/or/policies.c | 14 +++++++------- src/or/relay.c | 8 ++++---- src/or/routerparse.c | 8 ++++---- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index 7ded115..9e1373d 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2592,7 +2592,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url) * Always return 0. */ static int directory_handle_command_get(dir_connection_t *conn, const char *headers, - const char *body, size_t body_len) + const char *req_body, size_t req_body_len) { size_t dlen; char *url, *url_mem, *header; @@ -2602,8 +2602,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, size_t url_len; /* We ignore the body of a GET request. */ - (void)body; - (void)body_len; + (void)req_body; + (void)req_body_len; log_debug(LD_DIRSERV,"Received GET command."); diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 321b7d7..7fe376b 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -1831,8 +1831,8 @@ evdns_server_request_respond(struct evdns_server_request *_req, int err) r = sendto(port->socket, req->response, req->response_len, 0, (struct sockaddr*) &req->addr, req->addrlen); if (r<0) { - int err = last_error(port->socket); - if (! error_is_eagain(err)) + int error = last_error(port->socket); + if (! error_is_eagain(error)) return -1; if (port->pending_replies) { diff --git a/src/or/policies.c b/src/or/policies.c index 983df86..1b5408c 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -83,15 +83,15 @@ policy_expand_private(smartlist_t **policy) continue; } for (i = 0; private_nets[i]; ++i) { - addr_policy_t policy; - memcpy(&policy, p, sizeof(addr_policy_t)); - policy.is_private = 0; - policy.is_canonical = 0; - if (tor_addr_parse_mask_ports(private_nets[i], &policy.addr, - &policy.maskbits, &port_min, &port_max)<0) { + addr_policy_t newpolicy; + memcpy(&newpolicy, p, sizeof(addr_policy_t)); + newpolicy.is_private = 0; + newpolicy.is_canonical = 0; + if (tor_addr_parse_mask_ports(private_nets[i], &newpolicy.addr, + &newpolicy.maskbits, &port_min, &port_max)<0) { tor_assert(0); } - smartlist_add(tmp, addr_policy_get_canonical_entry(&policy)); + smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy)); } addr_policy_free(p); }); diff --git a/src/or/relay.c b/src/or/relay.c index d647b18..df6d0a8 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2337,13 +2337,13 @@ connection_or_flush_from_first_active_circuit(or_connection_t *conn, int max, /* Calculate the exact time that this cell has spent in the queue. */ if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) { - struct timeval now; + struct timeval tvnow; uint32_t flushed; uint32_t cell_waiting_time; insertion_time_queue_t *it_queue = queue->insertion_times; - tor_gettimeofday_cached(&now); - flushed = (uint32_t)((now.tv_sec % SECONDS_IN_A_DAY) * 100L + - (uint32_t)now.tv_usec / (uint32_t)10000L); + tor_gettimeofday_cached(&tvnow); + flushed = (uint32_t)((tvnow.tv_sec % SECONDS_IN_A_DAY) * 100L + + (uint32_t)tvnow.tv_usec / (uint32_t)10000L); if (!it_queue || !it_queue->first) { log_info(LD_GENERAL, "Cannot determine insertion time of cell. " "Looks like the CellStatistics option was " diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 67b238e..d1b2cd0 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -3512,10 +3512,10 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos) siglist = detached_get_signatures(sigs, flavor); is_duplicate = 0; - SMARTLIST_FOREACH(siglist, document_signature_t *, s, { - if (s->alg == alg && - tor_memeq(id_digest, s->identity_digest, DIGEST_LEN) && - tor_memeq(sk_digest, s->signing_key_digest, DIGEST_LEN)) { + SMARTLIST_FOREACH(siglist, document_signature_t *, dsig, { + if (dsig->alg == alg && + tor_memeq(id_digest, dsig->identity_digest, DIGEST_LEN) && + tor_memeq(sk_digest, dsig->signing_key_digest, DIGEST_LEN)) { is_duplicate = 1; } });

1 0

[tor/master] Replace 4 more sscanf()s with tor_sscanf()
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit a0ae80788cc12284cd63ac678318f95e1238b257 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:26:30 2011 -0400 Replace 4 more sscanf()s with tor_sscanf() For some inexplicable reason, Coverity departs from its usual standards of avoiding false positives here, and warns about all sscanf usage, even when the formatting strings are totally safe. Addresses CID # 447, 446. --- changes/cov217_scanf | 5 +++++ src/common/compat_libevent.c | 4 ++-- src/or/geoip.c | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/changes/cov217_scanf b/changes/cov217_scanf new file mode 100644 index 0000000..368bca8 --- /dev/null +++ b/changes/cov217_scanf @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Use tor_sscanf in place of scanf in more places through the + code. This makes us a little more locale-independent, and + should help shut up code-analysis tools that can't tell + a safe sscanf string from a dangerous one. diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c index e0c7e3a..c338dd6 100644 --- a/src/common/compat_libevent.c +++ b/src/common/compat_libevent.c @@ -264,7 +264,7 @@ tor_decode_libevent_version(const char *v) /* Try the new preferred "1.4.11-stable" format. * Also accept "1.4.14b-stable". */ - fields = sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e); + fields = tor_sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e); if (fields == 3 || ((fields == 4 || fields == 5 ) && (c == '-' || c == '_')) || (fields == 5 && TOR_ISALPHA(c) && (e == '-' || e == '_'))) { @@ -272,7 +272,7 @@ tor_decode_libevent_version(const char *v) } /* Try the old "1.3e" format. */ - fields = sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra); + fields = tor_sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra); if (fields == 3 && TOR_ISALPHA(c)) { return V_OLD(major, minor, c); } else if (fields == 2) { diff --git a/src/or/geoip.c b/src/or/geoip.c index 59490bd..62c7a5c 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -116,10 +116,10 @@ geoip_parse_entry(const char *line) ++line; if (*line == '#') return 0; - if (sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) { + if (tor_sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) { geoip_add_entry(low, high, b); return 0; - } else if (sscanf(line,"\"%u\",\"%u\",\"%2s\",", &low, &high, b) == 3) { + } else if (tor_sscanf(line,"\"%u\",\"%u\",\"%2s\",", &low, &high, b) == 3) { geoip_add_entry(low, high, b); return 0; } else {

1 0

[tor/master] Check return value of crypto_global_init in test.c
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit 0317dc2bb2223dd8a51fc8b54a69765764d094d3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:56:09 2011 -0400 Check return value of crypto_global_init in test.c This will let the unit tests fail in a less mystifying way if the crypto subsystem is b0rken, and will also make Coverity happier. CID # 429. --- src/test/test.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/test/test.c b/src/test/test.c index 1db1546..02d238e 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1318,7 +1318,10 @@ main(int c, const char **v) } options->command = CMD_RUN_UNITTESTS; - crypto_global_init(0, NULL, NULL); + if (crypto_global_init(0, NULL, NULL)) { + printf("Can't initialize crypto subsystem; exiting.\n"); + return 1; + } rep_hist_init(); network_init(); setup_directory();

1 0

[tor/master] Fix insanely large stack_allocation in log_credential_status
by nickm＠torproject.org 01 Jul '11

01 Jul '11

commit d25feadebbf05d6fce55cfee1e3c8f928903f543 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:36:33 2011 -0400 Fix insanely large stack_allocation in log_credential_status I'm not one to insist on C's miserly stack limits, but allocating a 256K array on the stack is too much even for me. Bugfix on 0.2.1.7-alpha. Found by coverity. Fixes CID # 450. --- changes/cid_450 | 5 +++++ src/common/compat.c | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/changes/cid_450 b/changes/cid_450 new file mode 100644 index 0000000..2045fca --- /dev/null +++ b/changes/cid_450 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Don't stack-allocate the list of supplementary GIDs when we're + about to log them. Stack-allocating NGROUPS_MAX gid_t elements + could take up to 256K, which is way too much stack. Found by + Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/src/common/compat.c b/src/common/compat.c index 3965108..9533c11 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1080,7 +1080,8 @@ log_credential_status(void) /* Read, effective and saved GIDs */ gid_t rgid, egid, sgid; /* Supplementary groups */ - gid_t sup_gids[NGROUPS_MAX + 1]; + gid_t *sup_gids = NULL; + int sup_gids_size; /* Number of supplementary groups */ int ngids; @@ -1126,9 +1127,19 @@ log_credential_status(void) #endif /* log supplementary groups */ - if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) { + sup_gids_size = 64; + sup_gids = tor_malloc(sizeof(gid_t) * 64); + while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 && + errno == EINVAL && + sup_gids_size < NGROUPS_MAX) { + sup_gids_size *= 2; + sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size); + } + + if (ngids < 0) { log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s", strerror(errno)); + tor_free(sup_gids); return -1; } else { int i, retval = 0; @@ -1158,6 +1169,7 @@ log_credential_status(void) tor_free(cp); }); smartlist_free(elts); + tor_free(sup_gids); return retval; }

1 0