[or-cvs] [tor/master] Merge remote branch 'origin/maint-0.2.2'
nickm at torproject.org
nickm at torproject.org
Sat Jan 15 19:19:47 UTC 2011
commit 07888ed8e431b10d21d18e86092e20ddef0a2bca
Merge: 1758ef5 a7790d4
Author: Nick Mathewson <nickm at torproject.org>
Date: Sat Jan 15 14:17:59 2011 -0500
Merge remote branch 'origin/maint-0.2.2'
changes/bug2384 | 6 ++++++
src/common/crypto.c | 12 +++++++++---
src/or/rendclient.c | 2 ++
src/or/rendservice.c | 2 ++
4 files changed, 19 insertions(+), 3 deletions(-)
diff --combined src/common/crypto.c
index 668851a,e847d8c..1c0b21f
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@@ -569,6 -569,7 +569,7 @@@ crypto_pk_read_private_key_from_filenam
/* Try to parse it. */
r = crypto_pk_read_private_key_from_string(env, contents, -1);
+ memset(contents, 0, strlen(contents));
tor_free(contents);
if (r)
return -1; /* read_private_key_from_string already warned, so we don't.*/
@@@ -706,6 -707,7 +707,7 @@@ crypto_pk_write_private_key_to_filename
s[len]='\0';
r = write_str_to_file(fname, s, 0);
BIO_free(bio);
+ memset(s, 0, strlen(s));
tor_free(s);
return r;
}
@@@ -925,7 -927,7 +927,7 @@@ crypto_pk_public_checksig_digest(crypto
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
- buflen = crypto_pk_keysize(env)+1;
+ buflen = crypto_pk_keysize(env);
buf = tor_malloc(buflen);
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
if (r != DIGEST_LEN) {
@@@ -1110,8 -1112,8 +1112,8 @@@ crypto_pk_private_hybrid_decrypt(crypto
warnOnFailure);
}
- buf = tor_malloc(pkeylen+1);
- outlen = crypto_pk_private_decrypt(env,buf,pkeylen+1,from,pkeylen,padding,
+ buf = tor_malloc(pkeylen);
+ outlen = crypto_pk_private_decrypt(env,buf,pkeylen,from,pkeylen,padding,
warnOnFailure);
if (outlen<0) {
log_fn(warnOnFailure?LOG_WARN:LOG_DEBUG, LD_CRYPTO,
@@@ -1868,7 -1870,7 +1870,7 @@@ crypto_dh_compute_secret(int severity,
{
char *secret_tmp = NULL;
BIGNUM *pubkey_bn = NULL;
- size_t secret_len=0;
+ size_t secret_len=0, secret_tmp_len=0;
int result=0;
tor_assert(dh);
tor_assert(secret_bytes_out/DIGEST_LEN <= 255);
@@@ -1882,7 -1884,8 +1884,8 @@@
log_fn(severity, LD_CRYPTO,"Rejected invalid g^x");
goto error;
}
- secret_tmp = tor_malloc(crypto_dh_get_bytes(dh));
+ secret_tmp_len = crypto_dh_get_bytes(dh);
+ secret_tmp = tor_malloc(secret_tmp_len);
result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh);
if (result < 0) {
log_warn(LD_CRYPTO,"DH_compute_key() failed.");
@@@ -1901,7 -1904,10 +1904,10 @@@
crypto_log_errors(LOG_WARN, "completing DH handshake");
if (pubkey_bn)
BN_free(pubkey_bn);
- tor_free(secret_tmp);
+ if (secret_tmp) {
+ memset(secret_tmp, 0, secret_tmp_len);
+ tor_free(secret_tmp);
+ }
if (result < 0)
return result;
else
@@@ -2661,3 -2667,4 +2667,3 @@@ setup_openssl_threading(void
return 0;
}
#endif
-
diff --combined src/or/rendclient.c
index 1907d5a,1306fe0..255c16b
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@@ -16,7 -16,6 +16,7 @@@
#include "connection_edge.h"
#include "directory.h"
#include "main.h"
+#include "nodelist.h"
#include "relay.h"
#include "rendclient.h"
#include "rendcommon.h"
@@@ -416,7 -415,7 +416,7 @@@ directory_get_from_hs_dir(const char *d
SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, {
if (lookup_last_hid_serv_request(dir, desc_id_base32, 0, 0) +
REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
- !router_get_by_digest(dir->identity_digest))
+ !router_get_by_id_digest(dir->identity_digest))
SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
});
@@@ -674,8 -673,10 +674,10 @@@ rend_client_receive_rendezvous(origin_c
* attach only the connections that are waiting on this circuit, rather
* than trying to attach them all. See comments bug 743. */
connection_ap_attach_pending();
+ memset(keys, 0, sizeof(keys));
return 0;
err:
+ memset(keys, 0, sizeof(keys));
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
return -1;
}
@@@ -741,6 -742,7 +743,6 @@@ rend_client_get_random_intro(const rend
int i;
rend_cache_entry_t *entry;
rend_intro_point_t *intro;
- routerinfo_t *router;
if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
log_warn(LD_REND,
@@@ -757,12 -759,11 +759,12 @@@
intro = smartlist_get(entry->parsed->intro_nodes, i);
/* Do we need to look up the router or is the extend info complete? */
if (!intro->extend_info->onion_key) {
+ const node_t *node;
if (tor_digest_is_zero(intro->extend_info->identity_digest))
- router = router_get_by_hexdigest(intro->extend_info->nickname);
+ node = node_get_by_hex_id(intro->extend_info->nickname);
else
- router = router_get_by_digest(intro->extend_info->identity_digest);
- if (!router) {
+ node = node_get_by_id(intro->extend_info->identity_digest);
+ if (!node) {
log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
intro->extend_info->nickname);
rend_intro_point_free(intro);
@@@ -770,7 -771,7 +772,7 @@@
goto again;
}
extend_info_free(intro->extend_info);
- intro->extend_info = extend_info_from_router(router);
+ intro->extend_info = extend_info_from_node(node);
}
return extend_info_dup(intro->extend_info);
}
diff --combined src/or/rendservice.c
index 9f364b0,f1480e0..c920ecf
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@@ -14,7 -14,6 +14,7 @@@
#include "config.h"
#include "directory.h"
#include "networkstatus.h"
+#include "nodelist.h"
#include "rendclient.h"
#include "rendcommon.h"
#include "rendservice.h"
@@@ -1003,7 -1002,7 +1003,7 @@@ rend_service_introduce(origin_circuit_
} else {
char *rp_nickname;
size_t nickname_field_len;
- routerinfo_t *router;
+ const node_t *node;
int version;
if (*buf == 1) {
rp_nickname = buf+1;
@@@ -1030,8 -1029,8 +1030,8 @@@
len -= nickname_field_len;
len -= rp_nickname - buf; /* also remove header space used by version, if
* any */
- router = router_get_by_nickname(rp_nickname, 0);
- if (!router) {
+ node = node_get_by_nickname(rp_nickname, 0);
+ if (!node) {
log_info(LD_REND, "Couldn't find router %s named in introduce2 cell.",
escaped_safe_str_client(rp_nickname));
/* XXXX Add a no-such-router reason? */
@@@ -1039,7 -1038,7 +1039,7 @@@
goto err;
}
- extend_info = extend_info_from_router(router);
+ extend_info = extend_info_from_node(node);
}
if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
@@@ -1166,8 -1165,10 +1166,10 @@@
memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
if (extend_info) extend_info_free(extend_info);
+ memset(keys, 0, sizeof(keys));
return 0;
err:
+ memset(keys, 0, sizeof(keys));
if (dh) crypto_dh_free(dh);
if (launched)
circuit_mark_for_close(TO_CIRCUIT(launched), reason);
@@@ -1581,7 -1582,7 +1583,7 @@@ directory_post_to_hs_dir(rend_service_d
hs_dir->identity_digest))
/* Don't upload descriptor if we succeeded in doing so last time. */
continue;
- if (!router_get_by_digest(hs_dir->identity_digest)) {
+ if (!router_get_by_id_digest(hs_dir->identity_digest)) {
log_info(LD_REND, "Not sending publish request for v2 descriptor to "
"hidden service directory '%s'; we don't have its "
"router descriptor. Queuing for later upload.",
@@@ -1758,19 -1759,19 +1760,19 @@@ voi
rend_services_introduce(void)
{
int i,j,r;
- routerinfo_t *router;
+ const node_t *node;
rend_service_t *service;
rend_intro_point_t *intro;
int changed, prev_intro_nodes;
- smartlist_t *intro_routers;
+ smartlist_t *intro_nodes;
time_t now;
or_options_t *options = get_options();
- intro_routers = smartlist_create();
+ intro_nodes = smartlist_create();
now = time(NULL);
for (i=0; i < smartlist_len(rend_service_list); ++i) {
- smartlist_clear(intro_routers);
+ smartlist_clear(intro_nodes);
service = smartlist_get(rend_service_list, i);
tor_assert(service);
@@@ -1790,8 -1791,8 +1792,8 @@@
service. */
for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
intro = smartlist_get(service->intro_nodes, j);
- router = router_get_by_digest(intro->extend_info->identity_digest);
- if (!router || !find_intro_circuit(intro, service->pk_digest)) {
+ node = node_get_by_id(intro->extend_info->identity_digest);
+ if (!node || !find_intro_circuit(intro, service->pk_digest)) {
log_info(LD_REND,"Giving up on %s as intro point for %s.",
intro->extend_info->nickname, service->service_id);
if (service->desc) {
@@@ -1810,8 -1811,8 +1812,8 @@@
smartlist_del(service->intro_nodes,j--);
changed = 1;
}
- if (router)
- smartlist_add(intro_routers, router);
+ if (node)
+ smartlist_add(intro_nodes, (void*)node);
}
/* We have enough intro points, and the intro points we thought we had were
@@@ -1840,26 -1841,26 +1842,26 @@@
#define NUM_INTRO_POINTS_INIT (NUM_INTRO_POINTS + 2)
for (j=prev_intro_nodes; j < (prev_intro_nodes == 0 ?
NUM_INTRO_POINTS_INIT : NUM_INTRO_POINTS); ++j) {
- router_crn_flags_t flags = CRN_NEED_UPTIME;
+ router_crn_flags_t flags = CRN_NEED_UPTIME|CRN_NEED_DESC;
if (get_options()->_AllowInvalid & ALLOW_INVALID_INTRODUCTION)
flags |= CRN_ALLOW_INVALID;
- router = router_choose_random_node(intro_routers,
- options->ExcludeNodes, flags);
- if (!router) {
+ node = router_choose_random_node(intro_nodes,
+ options->ExcludeNodes, flags);
+ if (!node) {
log_warn(LD_REND,
"Could only establish %d introduction points for %s.",
smartlist_len(service->intro_nodes), service->service_id);
break;
}
changed = 1;
- smartlist_add(intro_routers, router);
+ smartlist_add(intro_nodes, (void*)node);
intro = tor_malloc_zero(sizeof(rend_intro_point_t));
- intro->extend_info = extend_info_from_router(router);
+ intro->extend_info = extend_info_from_node(node);
intro->intro_key = crypto_new_pk_env();
tor_assert(!crypto_pk_generate_key(intro->intro_key));
smartlist_add(service->intro_nodes, intro);
log_info(LD_REND, "Picked router %s as an intro point for %s.",
- router->nickname, service->service_id);
+ node_get_nickname(node), service->service_id);
}
/* If there's no need to launch new circuits, stop here. */
@@@ -1876,7 -1877,7 +1878,7 @@@
}
}
}
- smartlist_free(intro_routers);
+ smartlist_free(intro_nodes);
}
/** Regenerate and upload rendezvous service descriptors for all
More information about the tor-commits
mailing list