[tor-commits] [sandboxed-tor-browser/master] More seccomp improvements.

2016-12-05 Thread yawning
commit 45e252e604150054a483bde5fc43303b8dc14339
Author: Yawning Angel 
Date:   Mon Dec 5 23:32:48 2016 +

More seccomp improvements.

 * Fail with an error on ENOSYS.
 * Remove socketcall from the 386 whitelists, libseccomp should handle
   that for us.
---
 src/cmd/gen-seccomp/seccomp.go | 8 +++-
 src/cmd/gen-seccomp/seccomp_firefox.go | 1 -
 src/cmd/gen-seccomp/seccomp_tor.go | 4 ++--
 3 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/cmd/gen-seccomp/seccomp.go b/src/cmd/gen-seccomp/seccomp.go
index 62b286d..9ec17e8 100644
--- a/src/cmd/gen-seccomp/seccomp.go
+++ b/src/cmd/gen-seccomp/seccomp.go
@@ -17,7 +17,7 @@
 package main
 
 import (
-   "log"
+   "fmt"
 
seccomp "github.com/seccomp/libseccomp-golang"
 )
@@ -98,8 +98,7 @@ func allowSyscalls(f *seccomp.ScmpFilter, calls []string, 
is386 bool) error {
if is386 && scallName == "newselect" {
scall = seccomp.ScmpSyscall(142)
} else {
-   log.Printf("seccomp: unknown system call: %v", 
scallName)
-   continue
+   return fmt.Errorf("seccomp: unknown system 
call: %v", scallName)
}
}
if err = f.AddRule(scall, seccomp.ActAllow); err != nil {
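Review bot: The new `return fmt.Errorf("seccomp: unknown system call: %v", scallName)` reports only the name and drops the error that caused it, so any lookup failure reads as "unknown" in the generator's output. The lookup is above this hunk, so that is inferred here; it is visible in the allowCmpEq hunk below, where the `err` from `seccomp.GetSyscallFromName(scallName)` is discarded the same way. Consider `return fmt.Errorf("seccomp: unknown system call %q: %v", scallName, err)` in both places. allowSyscalls starts and ends outside the hunk.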
@@ -112,8 +111,7 @@ func allowSyscalls(f *seccomp.ScmpFilter, calls []string, 
is386 bool) error {
 func allowCmpEq(f *seccomp.ScmpFilter, scallName string, arg uint, values 
...uint64) error {
scall, err := seccomp.GetSyscallFromName(scallName)
if err != nil {
-   log.Printf("seccomp: unknown system call: %v", scallName)
-   return nil
+   return fmt.Errorf("seccomp: unknown system call: %v", scallName)
}
 
// Allow if the arg matches any of the values.  Implemented as multiple
diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go 
b/src/cmd/gen-seccomp/seccomp_firefox.go
index 75a7dd3..1606d76 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -209,7 +209,6 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 
bool) error {
"recv",
"send",
"newselect",
-   "socketcall",
 
"socket", // Filtered on amd64.
}
diff --git a/src/cmd/gen-seccomp/seccomp_tor.go 
b/src/cmd/gen-seccomp/seccomp_tor.go
index 2b01656..6144548 100644
--- a/src/cmd/gen-seccomp/seccomp_tor.go
+++ b/src/cmd/gen-seccomp/seccomp_tor.go
@@ -115,7 +115,6 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
"recv",
"send",
"stat64",
-   "socketcall", // Sigh...
 
"ugetrlimit",
"set_thread_area",
@@ -254,7 +253,8 @@ func torFilterAccept4(f *seccomp.ScmpFilter, is386 bool) 
error {
}
if is386 {
// XXX: The tor common/sandbox.c file, explcitly allows 
socketcall()
-   // by arg for this call, and only this call. ??
+   // by arg for this call, and only this call, when libseccomp 
should
+   // do the right thing.
return f.AddRule(scall, seccomp.ActAllow)
}
 
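Review bot: The rewritten XXX comment still does not say what the 386 branch ends up permitting: `return f.AddRule(scall, seccomp.ActAllow)` allows the call with no argument comparison at all. If the non-386 path after this hunk restricts the call by argument, the comment should state that the restriction is absent on 386 and why, for example `// 386: allowed unfiltered; libseccomp is expected to map this onto socketcall() where needed, so no per-argument rule is added here.` That wording needs confirming against libseccomp's behaviour; the hunk itself does not establish it. torFilterAccept4 starts and ends outside the hunk.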



[tor-commits] [webwml/master] Add note explaining a redirect

2016-12-05 Thread sebastian
commit 4febd93ed15ea04d7a1effad8c3173809fa1dff2
Author: Sebastian Hahn 
Date:   Mon Dec 5 21:39:12 2016 +0100

Add note explaining a redirect
---
 .htaccess | 4 
 1 file changed, 4 insertions(+)

diff --git a/.htaccess b/.htaccess
index e45402c..638c2ee 100644
--- a/.htaccess
+++ b/.htaccess
@@ -76,6 +76,10 @@ RewriteRule ^donate/donate-amazon(.*) 
/donate/donate-amazon$1 [END]
 RewriteRule ^donate/donate(.*) https://donate.torproject.org [R=302,L]
 RewriteRule ^donate/donor-faq(.*) https://donate.torproject.org/donor-faq.html 
[R=302,L]
 RewriteRule ^donate/donor-privacy-policy(.*) 
https://donate.torproject.org/privacy-policy.html [R=302,L]
+
+# The following redirect is necessary because we're using that URL on
+# some external resources (the donate infrastructure in particular) and
+# getting it changed there is apparently hard or something.
 RewriteRule ^donate-email(.*) https://donate.torproject.org/ [R=302,L]
 
 





[tor-commits] [webwml/master] Add another desired quality to job posting

2016-12-05 Thread sebastian
commit 1a14eca4a8b5b44638a310fa68976b00d866a8d7
Author: Sebastian Hahn 
Date:   Mon Dec 5 21:39:50 2016 +0100

Add another desired quality to job posting
---
 about/en/jobs-coredev.wml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/about/en/jobs-coredev.wml b/about/en/jobs-coredev.wml
index 2ee0f7f..48f7ec6 100644
--- a/about/en/jobs-coredev.wml
+++ b/about/en/jobs-coredev.wml
@@ -80,6 +80,7 @@ varying skill levels
 programs
 History of significant code contributions to multiple open-source
 projects
+Experience with development on Microsoft Windows
 Genuine excitement about Tor and its values! Follow this link to view
 the https://blog.torproject.org/blog/tor-social-contract;>Tor
 Project social contract.



[tor-commits] [tor/master] Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug'

2016-12-05 Thread nickm
commit f92630941ab8f6d79d23acc921eb780202b65e3b
Merge: 3f295bb 1ca7774
Author: Nick Mathewson 
Date:   Mon Dec 5 10:27:16 2016 -0500

Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug'

 changes/ticket20717|  4 
 src/common/crypto.c| 40 +++-
 src/or/rendservice.c   |  2 +-
 src/or/routerparse.c   |  4 ++--
 src/or/shared_random.c |  6 +++---
 5 files changed, 37 insertions(+), 19 deletions(-)






[tor-commits] [tor/master] adds changes file

2016-12-05 Thread nickm
commit 1ca777474b858acfa97137c155488a78006d494b
Author: Chelsea H. Komlo 
Date:   Sun Nov 20 20:00:24 2016 -0500

adds changes file
---
 changes/ticket20717 | 4 
 1 file changed, 4 insertions(+)

diff --git a/changes/ticket20717 b/changes/ticket20717
new file mode 100644
index 000..c896f8a
--- /dev/null
+++ b/changes/ticket20717
@@ -0,0 +1,4 @@
+  o Code simplification and refactoring:
+- Refactors the hashing API to return negative values for errors as is done
+  as a standard throughout the codebase.
+- Refactors calling functions to expect negative values for errors.





[tor-commits] [tor/master] whitespace fix

2016-12-05 Thread nickm
commit daeb633825920ca99830c75a79d9a7d4ed211a13
Author: Nick Mathewson 
Date:   Mon Dec 5 10:31:10 2016 -0500

whitespace fix
---
 src/common/crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2571829..be42d36 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1707,7 +1707,7 @@ crypto_digest(char *digest, const char *m, size_t len)
 {
   tor_assert(m);
   tor_assert(digest);
-  if(SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL)
+  if (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL)
 return -1;
   return 0;
 }





[tor-commits] [tor/master] Fix a couple more crypto_digest() calls to be explicit < 0

2016-12-05 Thread nickm
commit 41adfd6fa38bf94bc7d71174dbaf7f32a41a64ec
Author: Nick Mathewson 
Date:   Mon Dec 5 10:31:31 2016 -0500

Fix a couple more crypto_digest() calls to be explicit < 0
---
 src/or/routerparse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index f3246c9..38ceb94 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -715,7 +715,7 @@ dump_desc_populate_one_file, (const char *dirname, const 
char *f))
* filename.
*/
   if (crypto_digest256((char *)content_digest, desc, (size_t) st.st_size,
-   DIGEST_SHA256) != 0) {
+   DIGEST_SHA256) < 0) {
 /* Weird, but okay */
 log_info(LD_DIR,
  "Unable to hash content of %s from unparseable descriptors "
@@ -879,7 +879,7 @@ dump_desc(const char *desc, const char *type)
   /* Get the hash for logging purposes anyway */
   len = strlen(desc);
   if (crypto_digest256((char *)digest_sha256, desc, len,
-   DIGEST_SHA256) != 0) {
+   DIGEST_SHA256) < 0) {
 log_info(LD_DIR,
  "Unable to parse descriptor of type %s, and unable to even hash"
  " it!", type);



[tor-commits] [tor/master] crypto_digest256 returns expected error value of -1

2016-12-05 Thread nickm
commit 9d9110f65db8af5ea4ddf93b01a099eb53e9b59f
Author: Chelsea H. Komlo 
Date:   Thu Nov 17 22:58:36 2016 -0500

crypto_digest256 returns expected error value of -1
---
 src/common/crypto.c| 14 ++
 src/or/routerparse.c   |  2 +-
 src/or/shared_random.c |  6 +++---
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index f59b674..c075423 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1714,7 +1714,7 @@ crypto_digest(char *digest, const char *m, size_t len)
 
 /** Compute a 256-bit digest of len bytes in data stored in m,
  * using the algorithm algorithm.  Write the DIGEST_LEN256-byte result
- * into digest.  Return 0 on success, 1 on failure. */
+ * into digest.  Return 0 on success, -1 on failure. */
 int
 crypto_digest256(char *digest, const char *m, size_t len,
  digest_algorithm_t algorithm)
@@ -1722,11 +1722,17 @@ crypto_digest256(char *digest, const char *m, size_t 
len,
   tor_assert(m);
   tor_assert(digest);
   tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
+
+  int ret = 0;
   if (algorithm == DIGEST_SHA256)
-return (SHA256((const uint8_t*)m,len,(uint8_t*)digest) == NULL);
+ret = (SHA256((const uint8_t*)m,len,(uint8_t*)digest) != NULL);
   else
-return (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
-== -1);
+ret = (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
+   > -1);
+
+  if (!ret)
+return -1;
+  return 0;
 }
 
 /** Compute a 512-bit digest of len bytes in data stored in m,
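Review bot: `ret` in the new crypto_digest256 body holds a success flag (non-zero means the hash worked), which is the opposite sense of the 0/-1 value the function returns, and `> -1` is an indirect way to spell the success test. Naming the variable for what it holds and comparing directly would read better: declare `int ok;`, use `>= 0` on the sha3_256 result, and finish with `if (!ok) return -1;`. The `= 0` initialiser is dead, since both branches assign. The same pattern is introduced in the crypto_digest512 commit further down this page.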
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8f8d2b8..f3246c9 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4541,7 +4541,7 @@ router_get_hash_impl(const char *s, size_t s_len, char 
*digest,
   return -1;
 }
   } else {
-if (crypto_digest256(digest, start, end-start, alg)) {
+if (crypto_digest256(digest, start, end-start, alg) < 0) {
   log_warn(LD_BUG,"couldn't compute digest");
   return -1;
 }
diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 5f6b03f..0eb9338 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -192,7 +192,7 @@ verify_commit_and_reveal(const sr_commit_t *commit)
 /* Use the invariant length since the encoded reveal variable has an
  * extra byte for the NUL terminated byte. */
 if (crypto_digest256(received_hashed_reveal, commit->encoded_reveal,
- SR_REVEAL_BASE64_LEN, commit->alg)) {
+ SR_REVEAL_BASE64_LEN, commit->alg) < 0) {
   /* Unable to digest the reveal blob, this is unlikely. */
   goto invalid;
 }
@@ -932,7 +932,7 @@ sr_generate_our_commit(time_t timestamp, const 
authority_cert_t *my_rsa_cert)
   /* The invariant length is used here since the encoded reveal variable
* has an extra byte added for the NULL terminated byte. */
   if (crypto_digest256(commit->hashed_reveal, commit->encoded_reveal,
-   SR_REVEAL_BASE64_LEN, commit->alg)) {
+   SR_REVEAL_BASE64_LEN, commit->alg) < 0) {
 goto error;
   }
 
@@ -1012,7 +1012,7 @@ sr_compute_srv(void)
 SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
 smartlist_free(chunks);
 if (crypto_digest256(hashed_reveals, reveals, strlen(reveals),
- SR_DIGEST_ALG)) {
+ SR_DIGEST_ALG) < 0) {
   goto end;
 }
 current_srv = generate_srv(hashed_reveals, reveal_num,





[tor-commits] [tor/master] crypto_digest returns expected error value of -1

2016-12-05 Thread nickm
commit 276d07a88a3b595aff9e28c7f1862563d2751b55
Author: Chelsea H. Komlo 
Date:   Thu Nov 17 22:45:24 2016 -0500

crypto_digest returns expected error value of -1
---
 src/common/crypto.c  | 10 ++
 src/or/rendservice.c |  2 +-
 src/or/routerparse.c |  2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index fff516c..f59b674 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1506,7 +1506,7 @@ crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char 
*fp_out)
   if (crypto_pk_get_digest(pk, digest)) {
 return -1;
   }
-  if (crypto_digest(hashed_digest, digest, DIGEST_LEN)) {
+  if (crypto_digest(hashed_digest, digest, DIGEST_LEN) < 0) {
 return -1;
   }
   base16_encode(fp_out, FINGERPRINT_LEN + 1, hashed_digest, DIGEST_LEN);
@@ -1700,14 +1700,16 @@ crypto_cipher_decrypt_with_iv(const char *key,
 
 /** Compute the SHA1 digest of the len bytes on data stored in
  * m.  Write the DIGEST_LEN byte result into digest.
- * Return 0 on success, 1 on failure.
+ * Return 0 on success, -1 on failure.
  */
 int
 crypto_digest(char *digest, const char *m, size_t len)
 {
   tor_assert(m);
   tor_assert(digest);
-  return (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL);
+  if(SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL)
+return -1;
+  return 0;
 }
 
 /** Compute a 256-bit digest of len bytes in data stored in m,
@@ -2628,7 +2630,7 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, 
size_t key_in_len,
   for (cp = key_out, i=0; cp < key_out+key_out_len;
++i, cp += DIGEST_LEN) {
 tmp[key_in_len] = i;
-if (crypto_digest((char*)digest, (const char *)tmp, key_in_len+1))
+if (crypto_digest((char*)digest, (const char *)tmp, key_in_len+1) < 0)
   goto exit;
 memcpy(cp, digest, MIN(DIGEST_LEN, key_out_len-(cp-key_out)));
   }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 8ffd0bc..4d25251 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3084,7 +3084,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
   len += 2;
   memcpy(auth, circuit->cpath->prev->rend_circ_nonce, DIGEST_LEN);
   memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
-  if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
+  if (crypto_digest(buf+len, auth, DIGEST_LEN+9) < 0)
 goto err;
   len += 20;
   note_crypto_pk_op(REND_SERVER);
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 2cfd3fc..8f8d2b8 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4536,7 +4536,7 @@ router_get_hash_impl(const char *s, size_t s_len, char 
*digest,
 return -1;
 
   if (alg == DIGEST_SHA1) {
-if (crypto_digest(digest, start, end-start)) {
+if (crypto_digest(digest, start, end-start) < 0) {
   log_warn(LD_BUG,"couldn't compute digest");
   return -1;
 }





[tor-commits] [tor/master] crypto_digest512 returns expected error value of -1

2016-12-05 Thread nickm
commit e01b09d5cecac33fa8633a18982560e34a67ee88
Author: Chelsea H. Komlo 
Date:   Thu Nov 17 23:02:39 2016 -0500

crypto_digest512 returns expected error value of -1
---
 src/common/crypto.c | 16 +++-
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index c075423..2571829 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1737,7 +1737,7 @@ crypto_digest256(char *digest, const char *m, size_t len,
 
 /** Compute a 512-bit digest of len bytes in data stored in m,
  * using the algorithm algorithm.  Write the DIGEST_LEN512-byte result
- * into digest.  Return 0 on success, 1 on failure. */
+ * into digest.  Return 0 on success, -1 on failure. */
 int
 crypto_digest512(char *digest, const char *m, size_t len,
  digest_algorithm_t algorithm)
@@ -1745,12 +1745,18 @@ crypto_digest512(char *digest, const char *m, size_t 
len,
   tor_assert(m);
   tor_assert(digest);
   tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
+
+  int ret = 0;
   if (algorithm == DIGEST_SHA512)
-return (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
-== NULL);
+ret = (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
+   != NULL);
   else
-return (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
-== -1);
+ret = (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
+   > -1);
+
+  if (!ret)
+return -1;
+  return 0;
 }
 
 /** Set the common_digests_t in ds_out to contain every digest on the





[tor-commits] [tor/release-0.2.9] 20865: Don't use getentropy() on OSX Sierra.

2016-12-05 Thread nickm
commit 714aeedc5278fe50fb2b9ccafeefa4270eaf3391
Author: Nick Mathewson 
Date:   Mon Dec 5 09:37:03 2016 -0500

20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054eca1555b455ee4a2adfafecb888af9 and
16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
---
 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 000..575d886
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+- Avoid compilation errors when building on OSX Sierra. Sierra began
+  to support the getentropy() API, but created a few problems in
+  doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+  0.2.8, we are just using the /dev/urandom interface. Fixes
+  bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c5d07df..f7bb8ff 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -88,6 +88,15 @@
 
 #include "keccak-tiny/keccak-tiny.h"
 
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES
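Review bot: The guard added here is `#ifdef __APPLE__`, so `#undef HAVE_GETENTROPY` applies to every Apple build, while the comment speaks only of Sierra and does not say which entropy path is used instead. The accompanying changes file names it (the /dev/urandom interface); the comment should carry that too, e.g. `/* ... so on all Apple targets we skip getentropy() and use the /dev/urandom interface instead. */`. Anyone auditing RNG seeding from crypto.c alone would otherwise have to find the changelog entry. The same commit is repeated for other branches later on this page, and the note applies to each copy.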





[tor-commits] [tor/master] Merge branch 'maint-0.2.9'

2016-12-05 Thread nickm
commit 3f295bbef1d0d2cc495a963b858d211a85498ba3
Merge: 5923418 30f0516
Author: Nick Mathewson 
Date:   Mon Dec 5 10:07:09 2016 -0500

Merge branch 'maint-0.2.9'



[tor-commits] [tor/release-0.2.8] Merge branch 'getentropy_028' into maint-0.2.8

2016-12-05 Thread nickm
commit cc34ba1cecc7733bf69a6fee9e6ecf2ac8661b7e
Merge: 2a36541 714aeed
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:16 2016 -0500

Merge branch 'getentropy_028' into maint-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)





[tor-commits] [tor/maint-0.2.9] Merge branch 'getentropy_028' into maint-0.2.8

2016-12-05 Thread nickm
commit cc34ba1cecc7733bf69a6fee9e6ecf2ac8661b7e
Merge: 2a36541 714aeed
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:16 2016 -0500

Merge branch 'getentropy_028' into maint-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)





[tor-commits] [tor/maint-0.2.8] Merge branch 'getentropy_028' into maint-0.2.8

2016-12-05 Thread nickm
commit cc34ba1cecc7733bf69a6fee9e6ecf2ac8661b7e
Merge: 2a36541 714aeed
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:16 2016 -0500

Merge branch 'getentropy_028' into maint-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)



[tor-commits] [tor/release-0.2.9] Merge branch 'getentropy_028' into maint-0.2.8

2016-12-05 Thread nickm
commit cc34ba1cecc7733bf69a6fee9e6ecf2ac8661b7e
Merge: 2a36541 714aeed
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:16 2016 -0500

Merge branch 'getentropy_028' into maint-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)





[tor-commits] [tor/maint-0.2.9] 20865: Don't use getentropy() on OSX Sierra.

2016-12-05 Thread nickm
commit 714aeedc5278fe50fb2b9ccafeefa4270eaf3391
Author: Nick Mathewson 
Date:   Mon Dec 5 09:37:03 2016 -0500

20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054eca1555b455ee4a2adfafecb888af9 and
16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
---
 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 000..575d886
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+- Avoid compilation errors when building on OSX Sierra. Sierra began
+  to support the getentropy() API, but created a few problems in
+  doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+  0.2.8, we are just using the /dev/urandom interface. Fixes
+  bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c5d07df..f7bb8ff 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -88,6 +88,15 @@
 
 #include "keccak-tiny/keccak-tiny.h"
 
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES





[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

2016-12-05 Thread nickm
commit 99683ee561e065c4350e713eec3d2d8cd67325dd
Merge: 5032489 30f0516
Author: Nick Mathewson 
Date:   Mon Dec 5 10:07:04 2016 -0500

Merge branch 'maint-0.2.9' into release-0.2.9



[tor-commits] [tor/master] 20865: Don't use getentropy() on OSX Sierra.

2016-12-05 Thread nickm
commit 714aeedc5278fe50fb2b9ccafeefa4270eaf3391
Author: Nick Mathewson 
Date:   Mon Dec 5 09:37:03 2016 -0500

20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054eca1555b455ee4a2adfafecb888af9 and
16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
---
 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 000..575d886
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+- Avoid compilation errors when building on OSX Sierra. Sierra began
+  to support the getentropy() API, but created a few problems in
+  doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+  0.2.8, we are just using the /dev/urandom interface. Fixes
+  bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c5d07df..f7bb8ff 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -88,6 +88,15 @@
 
 #include "keccak-tiny/keccak-tiny.h"
 
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES





[tor-commits] [tor/master] Merge branch 'maint-0.2.8' into maint-0.2.9

2016-12-05 Thread nickm
commit 30f05167f1b1dd26427a80db6494842f40049cb7
Merge: cf2f36b cc34ba1
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:45 2016 -0500

Merge branch 'maint-0.2.8' into maint-0.2.9






[tor-commits] [tor/maint-0.2.9] Merge branch 'maint-0.2.8' into maint-0.2.9

2016-12-05 Thread nickm
commit 30f05167f1b1dd26427a80db6494842f40049cb7
Merge: cf2f36b cc34ba1
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:45 2016 -0500

Merge branch 'maint-0.2.8' into maint-0.2.9



[tor-commits] [tor/master] Merge branch 'getentropy_028' into maint-0.2.8

2016-12-05 Thread nickm
commit cc34ba1cecc7733bf69a6fee9e6ecf2ac8661b7e
Merge: 2a36541 714aeed
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:16 2016 -0500

Merge branch 'getentropy_028' into maint-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)





[tor-commits] [tor/release-0.2.8] Merge branch 'maint-0.2.8' into release-0.2.8

2016-12-05 Thread nickm
commit 212d984dc50668adbbd770d4af9185ca8bcaefbf
Merge: 5b336f2 cc34ba1
Author: Nick Mathewson 
Date:   Mon Dec 5 10:06:25 2016 -0500

Merge branch 'maint-0.2.8' into release-0.2.8

 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)



[tor-commits] [tor/release-0.2.8] 20865: Don't use getentropy() on OSX Sierra.

2016-12-05 Thread nickm
commit 714aeedc5278fe50fb2b9ccafeefa4270eaf3391
Author: Nick Mathewson 
Date:   Mon Dec 5 09:37:03 2016 -0500

20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054eca1555b455ee4a2adfafecb888af9 and
16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
---
 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 000..575d886
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+- Avoid compilation errors when building on OSX Sierra. Sierra began
+  to support the getentropy() API, but created a few problems in
+  doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+  0.2.8, we are just using the /dev/urandom interface. Fixes
+  bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c5d07df..f7bb8ff 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -88,6 +88,15 @@
 
 #include "keccak-tiny/keccak-tiny.h"
 
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES





[tor-commits] [tor/maint-0.2.8] 20865: Don't use getentropy() on OSX Sierra.

2016-12-05 Thread nickm
commit 714aeedc5278fe50fb2b9ccafeefa4270eaf3391
Author: Nick Mathewson 
Date:   Mon Dec 5 09:37:03 2016 -0500

20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054eca1555b455ee4a2adfafecb888af9 and
16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
---
 changes/bug20865| 7 +++
 src/common/crypto.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 000..575d886
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+- Avoid compilation errors when building on OSX Sierra. Sierra began
+  to support the getentropy() API, but created a few problems in
+  doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+  0.2.8, we are just using the /dev/urandom interface. Fixes
+  bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c5d07df..f7bb8ff 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -88,6 +88,15 @@
 
 #include "keccak-tiny/keccak-tiny.h"
 
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES





[tor-commits] [tor/master] Merge remote-tracking branch 'jryans/service_is_ephemeral'

2016-12-05 Thread nickm
commit 5923418effc9a34176c07761d4540f338c2f1e03
Merge: f96f4c0 63d3ba9
Author: Nick Mathewson 
Date:   Mon Dec 5 08:57:00 2016 -0500

Merge remote-tracking branch 'jryans/service_is_ephemeral'

 changes/20853|  4 
 src/or/rendservice.c | 44 
 2 files changed, 36 insertions(+), 12 deletions(-)



[tor-commits] [tor/master] Use `rend_service_is_ephemeral` for all service checks in `rendservice.c`

2016-12-05 Thread nickm
commit 63d3ba96f973735ded16e78bd0b8406b6fcdec35
Author: J. Ryan Stinnett 
Date:   Fri Dec 2 23:10:28 2016 -0600

Use `rend_service_is_ephemeral` for all service checks in `rendservice.c`

Fixes #20853.
---
 changes/20853|  4 
 src/or/rendservice.c | 44 
 2 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/changes/20853 b/changes/20853
new file mode 100644
index 000..84d95c4
--- /dev/null
+++ b/changes/20853
@@ -0,0 +1,4 @@
+  o Minor bugfix (hidden services):
+- Change ephemeral service checks in `rendservice.c` to use the new
+  `rend_service_is_ephemeral` helper function.  Fixes bug 20853; bugfix on
+  bug 20526; not in any released version of Tor.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index beaa0a3..0b44ae9 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -824,7 +824,7 @@ rend_config_services(const or_options_t *options, int 
validate_only)
  *will NOT have their intro point closed.
  */
 SMARTLIST_FOREACH(old_service_list, rend_service_t *, old, {
-  if (!old->directory) {
+  if (rend_service_is_ephemeral(old)) {
 SMARTLIST_DEL_CURRENT(old_service_list, old);
 smartlist_add(surviving_services, old);
 smartlist_add(rend_service_list, old);
@@ -836,15 +836,20 @@ rend_config_services(const or_options_t *options, int 
validate_only)
  * probably ok? */
 SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, new) {
   SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) {
-if (new->directory && old->directory &&
-!strcmp(old->directory, new->directory)) {
-  smartlist_add_all(new->intro_nodes, old->intro_nodes);
-  smartlist_clear(old->intro_nodes);
-  smartlist_add_all(new->expiring_nodes, old->expiring_nodes);
-  smartlist_clear(old->expiring_nodes);
-  smartlist_add(surviving_services, old);
-  break;
+if (BUG(rend_service_is_ephemeral(new)) ||
+BUG(rend_service_is_ephemeral(old))) {
+  continue;
 }
+if (BUG(!new->directory) || BUG(!old->directory) ||
+strcmp(old->directory, new->directory)) {
+  continue;
+}
+smartlist_add_all(new->intro_nodes, old->intro_nodes);
+smartlist_clear(old->intro_nodes);
+smartlist_add_all(new->expiring_nodes, old->expiring_nodes);
+smartlist_clear(old->expiring_nodes);
+smartlist_add(surviving_services, old);
+break;
   } SMARTLIST_FOREACH_END(old);
 } SMARTLIST_FOREACH_END(new);
 
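Review bot: The `BUG(rend_service_is_ephemeral(new))` check in the inner loop looks reachable in normal operation: the previous hunk moves surviving ephemeral services into `rend_service_list` with `smartlist_add(rend_service_list, old)`, and this loop then iterates that same list as `new`. Unless the lines between the two hunks filter them out again, a configuration reload with an ephemeral service present would log a bug warning. A plain skip keeps the behaviour without the false alarm: `if (rend_service_is_ephemeral(new) || rend_service_is_ephemeral(old)) continue;`. The hunks for rend_service_verify_single_onion_poison and rend_service_poison_new_single_onion_dir add the same BUG() pattern and likewise depend on callers never passing an ephemeral service. rend_config_services starts and ends outside this hunk.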
@@ -1163,8 +1168,13 @@ rend_service_verify_single_onion_poison(const 
rend_service_t* s,
   }
 
   /* Ephemeral services are checked at ADD_ONION time */
-  if (!s->directory) {
-return 0;
+  if (BUG(rend_service_is_ephemeral(s))) {
+return -1;
+  }
+
+  /* Service is expected to have a directory */
+  if (BUG(!s->directory)) {
+return -1;
   }
 
   /* Services without keys are always ok - their keys will only ever be used
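Review bot: The comment `/* Ephemeral services are checked at ADD_ONION time */` now sits above a branch that returns -1, where the old code returned 0, so it no longer explains the result. A caller that still passes an ephemeral service gets a verification failure instead of a pass; none of the callers are visible here, so that should be checked. I would reword it as `/* Ephemeral services are checked at ADD_ONION time; callers must not pass them here */`. The function body continues outside the hunk.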
@@ -1257,7 +1267,7 @@ poison_new_single_onion_hidden_service_dir_impl(const 
rend_service_t *service,
   return retval;
 }
 
-/** We just got launched in Single Onion Mode. That's a non-anoymous mode for
+/** We just got launched in Single Onion Mode. That's a non-anonymous mode for
  * hidden services. If s is new, we should mark its hidden service
  * directory appropriately so that it is never launched as a location-private
  * hidden service. (New directories don't have private key files.)
@@ -1274,6 +1284,16 @@ rend_service_poison_new_single_onion_dir(const 
rend_service_t *s,
   /* We must only poison directories if we're in Single Onion mode */
   tor_assert(rend_service_non_anonymous_mode_enabled(options));
 
+  /* Ephemeral services aren't allowed in non-anonymous mode */
+  if (BUG(rend_service_is_ephemeral(s))) {
+return -1;
+  }
+
+  /* Service is expected to have a directory */
+  if (BUG(!s->directory)) {
+return -1;
+  }
+
   if (!rend_service_private_key_exists(s)) {
 if (poison_new_single_onion_hidden_service_dir_impl(s, options)
 < 0) {





[tor-commits] [tor/master] extract magic numbers in circuituse.c

2016-12-05 Thread nickm
commit cfb8363da9210ba3df92a0b6a572b8c3c5adcf9b
Author: Chelsea H. Komlo 
Date:   Sun Oct 23 10:51:09 2016 -0500

extract magic numbers in circuituse.c
---
 changes/ticket18873 |  1 +
 src/or/circuituse.c | 23 +++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/changes/ticket18873 b/changes/ticket18873
index df4cb1e..e19a290 100644
--- a/changes/ticket18873
+++ b/changes/ticket18873
@@ -3,3 +3,4 @@
   functions.
 - Refactor circuit_predict_and_launch_new for readability and testability.
 - Added unit tests for extracted functions.
+- Extracted magic numbers in circuituse.c into defined variables.
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 682961d..9afe77b 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1066,15 +1066,21 @@ needs_exit_circuits(time_t now, int *needs_uptime, int 
*needs_capacity)
   router_have_consensus_path() == CONSENSUS_PATH_EXIT);
 }
 
+#define SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS 3
+
 /* Return true if we need any more hidden service server circuits.
  * HS servers only need an internal circuit. */
 STATIC int
 needs_hs_server_circuits(int num_uptime_internal)
 {
-  return (num_rend_services() && num_uptime_internal < 3 &&
+  return (num_rend_services() &&
+  num_uptime_internal < SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS &&
   router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
 }
 
+#define SUFFICIENT_INTERNAL_HS_CLIENTS 3
+#define SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS 2
+
 /* Return true if we need any more hidden service client circuits.
  * HS clients only need an internal circuit. */
 STATIC int
@@ -1084,22 +1090,31 @@ needs_hs_client_circuits(time_t now, int *needs_uptime, 
int *needs_capacity,
   int used_internal_recently = rep_hist_get_predicted_internal(now,
needs_uptime,
needs_capacity);
+  int requires_uptime = num_uptime_internal <
+SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS &&
+needs_uptime;
+
   return (used_internal_recently &&
- ((num_uptime_internal<2 && needs_uptime) || num_internal<3) &&
+ (requires_uptime || num_internal < SUFFICIENT_INTERNAL_HS_CLIENTS) &&
   router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
 }
 
 /* Check to see if we still need more circuits to learn
  * a good build timeout. But if we're close to our max number we
  * want, don't do another -- we want to leave a few slots open so
- * we can still build circuits preemptively as needed.
+ * we can still build circuits preemptively as needed. */
+#define CBT_MIN_REMAINING_PREEMPTIVE_CIRCUITS 2
+#define CBT_MAX_UNUSED_OPEN_CIRCUITS (MAX_UNUSED_OPEN_CIRCUITS - \
+  CBT_MIN_REMAINING_PREEMPTIVE_CIRCUITS)
+
+/* Return true if we need more circuits for a good build timeout.
  *  make the assumption that build timeout streams should be
  * created whenever we can build internal circuits. */
 STATIC int
 needs_circuits_for_build(int num)
 {
   if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
-if (num < MAX_UNUSED_OPEN_CIRCUITS-2 &&
+if (num < CBT_MAX_UNUSED_OPEN_CIRCUITS &&
 ! circuit_build_times_disabled() &&
 circuit_build_times_needs_circuits_now(get_circuit_build_times()))
 {
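Review bot: In `requires_uptime`, `needs_uptime` is the `int *` parameter from the signature in the hunk header, so `&& needs_uptime` tests that the pointer is non-NULL rather than the flag that rep_hist_get_predicted_internal() presumably wrote through it. The removed line had the same test, so this refactor carries it over; if the flag is what is meant, the expression should end in `*needs_uptime`. Separately, the new `CBT_*` defines are placed in the middle of the doc comment for needs_circuits_for_build, which leaves that comment starting with a fragment (`make the assumption ...`). needs_circuits_for_build continues past the end of the hunk.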





[tor-commits] [tor/master] fix up spacing/style in needs_circuits_for_build

2016-12-05 Thread nickm
commit 2331e70d2d47b4d883aaee6e503ca93ada9ea16c
Author: Chelsea H. Komlo 
Date:   Tue Nov 22 16:00:59 2016 -0500

fix up spacing/style in needs_circuits_for_build
---
 src/or/circuituse.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index d478537..bc72015 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1123,9 +1123,8 @@ needs_circuits_for_build(int num)
 {
   if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
 if (num < CBT_MAX_UNUSED_OPEN_CIRCUITS &&
-! circuit_build_times_disabled() &&
-circuit_build_times_needs_circuits_now(get_circuit_build_times()))
-{
+!circuit_build_times_disabled() &&
+circuit_build_times_needs_circuits_now(get_circuit_build_times())) {
   return 1;
 }
   }





[tor-commits] [tor/master] Refactor circuit_predict_and_launch_new

2016-12-05 Thread nickm
commit afb6ae7b0fb87550c12e09e5eb7c2a09e675909d
Author: Chelsea H. Komlo 
Date:   Fri Oct 14 07:00:35 2016 -0500

Refactor circuit_predict_and_launch_new
---
 changes/ticket18873|   2 +
 src/or/circuitbuild.c  |   6 +-
 src/or/circuitbuild.h  |   5 +-
 src/or/circuituse.c| 166 +-
 src/or/circuituse.h|  20 
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   3 +-
 src/test/include.am|   1 +
 src/test/test.c|   1 +
 src/test/test.h|   1 +
 src/test/test_circuituse.c | 284 +
 11 files changed, 431 insertions(+), 62 deletions(-)

diff --git a/changes/ticket18873 b/changes/ticket18873
index ada6798..df4cb1e 100644
--- a/changes/ticket18873
+++ b/changes/ticket18873
@@ -1,3 +1,5 @@
   o Code simplification and refactoring:
 - Extracted dummy_origin_circuit_new so it can be used by other test
   functions.
+- Refactor circuit_predict_and_launch_new for readability and testability.
+- Added unit tests for extracted functions.
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 0881f23..dee8ac0 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1508,9 +1508,9 @@ circuit_get_unhandled_ports(time_t now)
  * If we're returning 0, set need_uptime and need_capacity to
  * indicate any requirements that the unhandled ports have.
  */
-int
-circuit_all_predicted_ports_handled(time_t now, int *need_uptime,
-int *need_capacity)
+MOCK_IMPL(int,
+circuit_all_predicted_ports_handled, (time_t now, int *need_uptime,
+  int *need_capacity))
 {
   int i, enough;
   uint16_t *port;
diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h
index 1244601..7a67589 100644
--- a/src/or/circuitbuild.h
+++ b/src/or/circuitbuild.h
@@ -40,8 +40,9 @@ int onionskin_answer(or_circuit_t *circ,
  const struct created_cell_t *created_cell,
  const char *keys,
  const uint8_t *rend_circ_nonce);
-int circuit_all_predicted_ports_handled(time_t now, int *need_uptime,
-int *need_capacity);
+MOCK_DECL(int, circuit_all_predicted_ports_handled, (time_t now,
+ int *need_uptime,
+ int *need_capacity));
 
 int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *info);
 int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info);
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index ba7b75f..682961d 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1022,8 +1022,95 @@ circuit_stream_is_being_handled(entry_connection_t *conn,
 /** Don't keep more than this many unused open circuits around. */
 #define MAX_UNUSED_OPEN_CIRCUITS 14
 
-/** Figure out how many circuits we have open that are clean. Make
- * sure it's enough for all the upcoming behaviors we predict we'll have.
+/* Return true if a circuit is available for use, meaning that it is open,
+ * clean, usable for new multi-hop connections, and a general purpose origin
+ * circuit.
+ * Accept any kind of circuit, return false if the above conditions are not
+ * met. */
+STATIC int
+circuit_is_available_for_use(const circuit_t *circ)
+{
+  const origin_circuit_t *origin_circ;
+  cpath_build_state_t *build_state;
+
+  if (!CIRCUIT_IS_ORIGIN(circ))
+return 0;
+  if (circ->marked_for_close)
+return 0; /* Don't mess with marked circs */
+  if (circ->timestamp_dirty)
+return 0; /* Only count clean circs */
+  if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL)
+return 0;/* Only pay attention to general
+purpose circs */
+
+  origin_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
+  if (origin_circ->unusable_for_new_conns)
+return 0;
+
+  build_state = origin_circ->build_state;
+  if (build_state->onehop_tunnel)
+return 0;
+
+  return 1;
+}
+
+/* Return true if we need any more exit circuits.
+ * needs_uptime and needs_capacity are set only if we need more exit circuits.
+ * Check if we know of a port that's been requested recently and no circuit
+ * is currently available that can handle it. */
+STATIC int
+needs_exit_circuits(time_t now, int *needs_uptime, int *needs_capacity)
+{
+  return (!circuit_all_predicted_ports_handled(now, needs_uptime,
+   needs_capacity) &&
+  router_have_consensus_path() == CONSENSUS_PATH_EXIT);
+}
+
+/* Return true if we need any more hidden service server circuits.
+ * HS servers only need an internal circuit. */
+STATIC int
+needs_hs_server_circuits(int num_uptime_internal)
+{
+  return (num_rend_services() && num_uptime_internal < 3 &&
+  router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
+}
+
+/* Return true if we need any more hidden service 

[tor-commits] [tor/master] adding documentation to extracted unit test helper

2016-12-05 Thread nickm
commit c86bbdd3aea050537dfe659013c1db2aa481bf06
Author: Chelsea H. Komlo 
Date:   Mon Nov 21 13:30:25 2016 -0500

adding documentation to extracted unit test helper
---
 src/test/test_helpers.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index fbc09fa..132af39 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -108,6 +108,8 @@ connection_write_to_buf_mock(const char *string, size_t len,
   write_to_buf(string, len, conn->outbuf);
 }
 
+/* Set up a fake origin circuit with the specified number of cells,
+ * Return a pointer to the newly-created dummy circuit */
 circuit_t *
 dummy_origin_circuit_new(int n_cells)
 {





[tor-commits] [tor/master] moving useful test helper to test_helpers.h

2016-12-05 Thread nickm
commit b95998ef0c31c78a9952621eb1f7365ceb1d2c84
Author: Chelsea H. Komlo 
Date:   Sun Oct 16 06:40:37 2016 -0500

moving useful test helper to test_helpers.h
---
 changes/ticket18873 |  3 +++
 src/test/test_helpers.c | 21 +
 src/test/test_helpers.h |  2 ++
 src/test/test_oom.c | 19 +--
 4 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/changes/ticket18873 b/changes/ticket18873
new file mode 100644
index 000..ada6798
--- /dev/null
+++ b/changes/ticket18873
@@ -0,0 +1,3 @@
+  o Code simplification and refactoring:
+- Extracted dummy_origin_circuit_new so it can be used by other test
+  functions.
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index 130ec43..fbc09fa 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -10,6 +10,7 @@
 #include "orconfig.h"
 #include "or.h"
 
+#include "relay.h"
 #include "routerlist.h"
 #include "nodelist.h"
 #include "buffers.h"
@@ -23,6 +24,8 @@ DISABLE_GCC_WARNING(overlength-strings)
  * at large. */
 #endif
 #include "test_descriptors.inc"
+#include "or.h"
+#include "circuitlist.h"
 #ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
 ENABLE_GCC_WARNING(overlength-strings)
 #endif
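Review bot: The two added includes land between `DISABLE_GCC_WARNING(overlength-strings)` and `ENABLE_GCC_WARNING(overlength-strings)`, so `circuitlist.h` is compiled with that warning suppressed, and `or.h` is already included near the top of the file (see the previous hunk's context). I would drop the second `#include "or.h"` and move `#include "circuitlist.h"` up next to `#include "relay.h"`.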
@@ -105,3 +108,21 @@ connection_write_to_buf_mock(const char *string, size_t 
len,
   write_to_buf(string, len, conn->outbuf);
 }
 
+circuit_t *
+dummy_origin_circuit_new(int n_cells)
+{
+  origin_circuit_t *circ = origin_circuit_new();
+  int i;
+  cell_t cell;
+
+  for (i=0; i < n_cells; ++i) {
+crypto_rand((void*), sizeof(cell));
+cell_queue_append_packed_copy(TO_CIRCUIT(circ),
+  _CIRCUIT(circ)->n_chan_cells,
+  1, , 1, 0);
+  }
+
+  TO_CIRCUIT(circ)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
+  return TO_CIRCUIT(circ);
+}
+
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
index b77a459..ba93b10 100644
--- a/src/test/test_helpers.h
+++ b/src/test/test_helpers.h
@@ -6,6 +6,8 @@
 
 const char *get_yesterday_date_str(void);
 
+circuit_t * dummy_origin_circuit_new(int num_cells);
+
 /* Number of descriptors contained in test_descriptors.txt. */
 #define HELPER_NUMBER_OF_DESCRIPTORS 8
 
diff --git a/src/test/test_oom.c b/src/test/test_oom.c
index 6102af0..0f97972 100644
--- a/src/test/test_oom.c
+++ b/src/test/test_oom.c
@@ -15,6 +15,7 @@
 #include "config.h"
 #include "relay.h"
 #include "test.h"
+#include "test_helpers.h"
 
 /* small replacement mock for circuit_mark_for_close_ to avoid doing all
  * the other bookkeeping that comes with marking circuits. */
@@ -58,24 +59,6 @@ dummy_or_circuit_new(int n_p_cells, int n_n_cells)
   return TO_CIRCUIT(circ);
 }
 
-static circuit_t *
-dummy_origin_circuit_new(int n_cells)
-{
-  origin_circuit_t *circ = origin_circuit_new();
-  int i;
-  cell_t cell;
-
-  for (i=0; i < n_cells; ++i) {
-crypto_rand((void*), sizeof(cell));
-cell_queue_append_packed_copy(TO_CIRCUIT(circ),
-  _CIRCUIT(circ)->n_chan_cells,
-  1, , 1, 0);
-  }
-
-  TO_CIRCUIT(circ)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
-  return TO_CIRCUIT(circ);
-}
-
 static void
 add_bytes_to_buf(buf_t *buf, size_t n_bytes)
 {





[tor-commits] [tor/master] adding better comments for defines

2016-12-05 Thread nickm
commit f83ed31089a19c6c74f8bde32b65ab7b46940327
Author: Chelsea H. Komlo 
Date:   Tue Nov 22 14:57:19 2016 -0500

adding better comments for defines
---
 src/or/circuituse.c | 15 +++
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index cceaddd..d478537 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1067,6 +1067,7 @@ needs_exit_circuits(time_t now, int *needs_uptime, int 
*needs_capacity)
   router_have_consensus_path() == CONSENSUS_PATH_EXIT);
 }
 
+/* Hidden services need at least this many internal circuits */
 #define SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS 3
 
 /* Return true if we need any more hidden service server circuits.
@@ -1079,7 +1080,11 @@ needs_hs_server_circuits(int num_uptime_internal)
   router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
 }
 
+/* We need at least this many internal circuits for hidden service clients */
 #define SUFFICIENT_INTERNAL_HS_CLIENTS 3
+
+/* We need at least this much uptime for internal circuits for hidden service
+ * clients */
 #define SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS 2
 
 /* Return true if we need any more hidden service client circuits.
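Review bot: The comment added for `SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS` reads as a duration ("this much uptime"), but the constant is compared against `num_uptime_internal`, which is a count of circuits. I would word it as `/* We need at least this many internal circuits that satisfy the uptime requirement for hidden service clients */`. The comment in the first hunk has the mirror problem: `SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS` is described as "internal circuits" with no mention of uptime, although it is also compared against `num_uptime_internal`.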
@@ -1100,11 +1105,13 @@ needs_hs_client_circuits(time_t now, int *needs_uptime, 
int *needs_capacity,
   router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
 }
 
-/* Check to see if we still need more circuits to learn
- * a good build timeout. But if we're close to our max number we
- * want, don't do another -- we want to leave a few slots open so
- * we can still build circuits preemptively as needed. */
+/* The minimum number of open slots we should keep in order to preemptively
+ * build circuits. */
 #define CBT_MIN_REMAINING_PREEMPTIVE_CIRCUITS 2
+
+/* Check to see if we need more circuits to have a good build timeout. However,
+ * leave a couple slots open so that we can still build circuits preemptively
+ * as needed. */
 #define CBT_MAX_UNUSED_OPEN_CIRCUITS (MAX_UNUSED_OPEN_CIRCUITS - \
   CBT_MIN_REMAINING_PREEMPTIVE_CIRCUITS)
 





[tor-commits] [tor/master] re-add check for if circuit is an origin circuit

2016-12-05 Thread nickm
commit b252773fe912aa398741c1ec3d2a8eeabf7a52dc
Author: Chelsea H. Komlo 
Date:   Mon Nov 21 15:12:21 2016 -0500

re-add check for if circuit is an origin circuit
---
 src/or/circuituse.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 6fb4f82..cceaddd 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1033,12 +1033,15 @@ circuit_is_available_for_use(const circuit_t *circ)
   const origin_circuit_t *origin_circ;
   cpath_build_state_t *build_state;
 
+  if (!CIRCUIT_IS_ORIGIN(circ))
+return 0; /* We first filter out only origin circuits before doing the
+ following checks. */
   if (circ->marked_for_close)
 return 0; /* Don't mess with marked circs */
   if (circ->timestamp_dirty)
 return 0; /* Only count clean circs */
   if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL)
-return 0; /* Only pay attention to general purpose circuits.
+return 0; /* We only pay attention to general purpose circuits.
  General purpose circuits are always origin circuits. */
 
   origin_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
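Review bot: The comment on the re-added `CIRCUIT_IS_ORIGIN` guard says "filter out only origin circuits", which reads as the opposite of what the code does: it rejects circuits that are not origin circuits. Since the guard protects the `CONST_TO_ORIGIN_CIRCUIT(circ)` conversion a few lines below, I would say so directly: `return 0; /* Not an origin circuit; the conversion below is only valid for origin circuits. */`. The retained remark "General purpose circuits are always origin circuits" now reads as an argument that the guard is redundant and could be dropped. The function continues outside the hunk.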





[tor-commits] [tor/master] Refactor to remove unnecessary check in circuit_is_available_for_use

2016-12-05 Thread nickm
commit 118bba7622ab15ea5c58ff32be178820150423ba
Author: Chelsea H. Komlo 
Date:   Wed Nov 2 09:45:02 2016 -0500

Refactor to remove unnecessary check in circuit_is_available_for_use
---
 changes/ticket18873|  1 +
 src/or/circuituse.c|  6 ++
 src/test/test_circuituse.c | 20 +++-
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/changes/ticket18873 b/changes/ticket18873
index e19a290..f1d9bef 100644
--- a/changes/ticket18873
+++ b/changes/ticket18873
@@ -4,3 +4,4 @@
 - Refactor circuit_predict_and_launch_new for readability and testability.
 - Added unit tests for extracted functions.
 - Extracted magic numbers in circuituse.c into defined variables.
+- Refactor circuit_is_available_for_use to remove unnecessary check
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 9afe77b..6fb4f82 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1033,15 +1033,13 @@ circuit_is_available_for_use(const circuit_t *circ)
   const origin_circuit_t *origin_circ;
   cpath_build_state_t *build_state;
 
-  if (!CIRCUIT_IS_ORIGIN(circ))
-return 0;
   if (circ->marked_for_close)
 return 0; /* Don't mess with marked circs */
   if (circ->timestamp_dirty)
 return 0; /* Only count clean circs */
   if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL)
-return 0;/* Only pay attention to general
-purpose circs */
+return 0; /* Only pay attention to general purpose circuits.
+ General purpose circuits are always origin circuits. */
 
   origin_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
   if (origin_circ->unusable_for_new_conns)
diff --git a/src/test/test_circuituse.c b/src/test/test_circuituse.c
index 23f1f9c..edbc9f6 100644
--- a/src/test/test_circuituse.c
+++ b/src/test/test_circuituse.c
@@ -46,7 +46,21 @@ 
test_circuit_is_available_for_use_ret_false_for_non_general_purpose(void *arg)
   (void)arg;
 
   circuit_t *circ = tor_malloc(sizeof(circuit_t));
-  circ->purpose = CIRCUIT_PURPOSE_OR;
+  circ->purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
+
+  tt_int_op(0, ==, circuit_is_available_for_use(circ));
+
+  done:
+tor_free(circ);
+}
+
+static void
+test_circuit_is_available_for_use_ret_false_for_non_general_origin(void *arg)
+{
+  (void)arg;
+
+  circuit_t *circ = tor_malloc(sizeof(circuit_t));
+  circ->purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT;
 
   tt_int_op(0, ==, circuit_is_available_for_use(circ));
 
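Review bot: Both tests allocate the circuit with `tor_malloc(sizeof(circuit_t))` and set only `purpose`, but circuit_is_available_for_use() reads `marked_for_close` and `timestamp_dirty` before it reaches the purpose check (see the circuituse.c hunk above). The tests therefore read uninitialised memory and can return 0 for a reason other than the one their names claim. Using `circuit_t *circ = tor_malloc_zero(sizeof(circuit_t));` in both would make the purpose check the only thing under test. The first test function starts outside the hunk.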
@@ -235,6 +249,10 @@ struct testcase_t circuituse_tests[] = {
test_circuit_is_available_for_use_ret_false_for_non_general_purpose,
TT_FORK, NULL, NULL
  },
+ { "non_general",
+  test_circuit_is_available_for_use_ret_false_for_non_general_origin,
+   TT_FORK, NULL, NULL
+ },
  { "origin",
test_circuit_is_available_for_use_ret_false_for_non_origin_purpose,
TT_FORK, NULL, NULL





[tor-commits] [tor/master] Merge remote-tracking branch 'chelseakomlo/circuituse'

2016-12-05 Thread nickm
commit f96f4c0e4218ccba48e5b575020caca4f5e6576e
Merge: 0ded723 2331e70
Author: Nick Mathewson 
Date:   Mon Dec 5 08:25:22 2016 -0500

Merge remote-tracking branch 'chelseakomlo/circuituse'

 changes/ticket18873|   7 ++
 src/or/circuitbuild.c  |   6 +-
 src/or/circuitbuild.h  |   5 +-
 src/or/circuituse.c| 188 
 src/or/circuituse.h|  20 +++
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   3 +-
 src/test/include.am|   1 +
 src/test/test.c|   1 +
 src/test/test.h|   1 +
 src/test/test_circuituse.c | 302 +
 src/test/test_helpers.c|  23 
 src/test/test_helpers.h|   2 +
 src/test/test_oom.c|  19 +--
 14 files changed, 502 insertions(+), 80 deletions(-)



[tor-commits] [tor/maint-0.2.9] Test for .git as readable instead of a dir to support worktrees

2016-12-05 Thread nickm
commit cf2f36b8b422aa4cf11282bc14421b6dbfa54beb
Author: J. Ryan Stinnett 
Date:   Sun Dec 4 21:16:59 2016 -0600

Test for .git as readable instead of a dir to support worktrees

Fixes #20492.
---
 changes/20492 | 4 
 src/or/include.am | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/20492 b/changes/20492
new file mode 100644
index 000..fdcd4d0
--- /dev/null
+++ b/changes/20492
@@ -0,0 +1,4 @@
+  o Minor bugfix (build):
+- The current Git revision when building from a local repository is now
+  detected correctly when using git worktrees.  Fixes bug 20492; bugfix on
+  0.2.3.9-alpha.
diff --git a/src/or/include.am b/src/or/include.am
index b4554aa..ae493b7 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -198,7 +198,7 @@ noinst_HEADERS+= $(ORHEADERS) micro-revision.i
 
 micro-revision.i: FORCE
$(AM_V_at)rm -f micro-revision.tmp; \
-   if test -d "$(top_srcdir)/.git" && \
+   if test -r "$(top_srcdir)/.git" && \
test -x "`which git 2>&1;true`"; then \
HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
echo \"$$HASH\" > micro-revision.tmp; \
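Review bot: `test -r` accepts any readable `.git` entry, including a worktree pointer file whose gitdir no longer exists (for example a source tree copied out of its worktree). In that case `git rev-parse` fails, `HASH` is empty, and, as far as this hunk shows, the `echo` on the last line still writes an empty quoted string into micro-revision.tmp. Guarding the echo with `test -n "$$HASH"` would keep an empty revision out of the build. The rest of the rule is outside the hunk, and the same hunk is repeated for the other branches further down the page.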



[tor-commits] [tor/master] Merge branch 'maint-0.2.9'

2016-12-05 Thread nickm
commit 0ded72322c87ec836a40b6704ee0919add741a53
Merge: 8230cf7 cf2f36b
Author: Nick Mathewson 
Date:   Mon Dec 5 08:21:46 2016 -0500

Merge branch 'maint-0.2.9'

 changes/20492 | 4 
 src/or/include.am | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)



[tor-commits] [tor/master] Test for .git as readable instead of a dir to support worktrees

2016-12-05 Thread nickm
commit cf2f36b8b422aa4cf11282bc14421b6dbfa54beb
Author: J. Ryan Stinnett 
Date:   Sun Dec 4 21:16:59 2016 -0600

Test for .git as readable instead of a dir to support worktrees

Fixes #20492.
---
 changes/20492 | 4 
 src/or/include.am | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/20492 b/changes/20492
new file mode 100644
index 000..fdcd4d0
--- /dev/null
+++ b/changes/20492
@@ -0,0 +1,4 @@
+  o Minor bugfix (build):
+- The current Git revision when building from a local repository is now
+  detected correctly when using git worktrees.  Fixes bug 20492; bugfix on
+  0.2.3.9-alpha.
diff --git a/src/or/include.am b/src/or/include.am
index b4554aa..ae493b7 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -198,7 +198,7 @@ noinst_HEADERS+= $(ORHEADERS) micro-revision.i
 
 micro-revision.i: FORCE
$(AM_V_at)rm -f micro-revision.tmp; \
-   if test -d "$(top_srcdir)/.git" && \
+   if test -r "$(top_srcdir)/.git" && \
test -x "`which git 2>&1;true`"; then \
HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
echo \"$$HASH\" > micro-revision.tmp; \





[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

2016-12-05 Thread nickm
commit 5032489e80af7236dd571da34cb659ab5fc7ccd6
Merge: b4c648c cf2f36b
Author: Nick Mathewson 
Date:   Mon Dec 5 08:21:40 2016 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/20492 | 4 
 src/or/include.am | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)



[tor-commits] [tor/release-0.2.9] Test for .git as readable instead of a dir to support worktrees

2016-12-05 Thread nickm
commit cf2f36b8b422aa4cf11282bc14421b6dbfa54beb
Author: J. Ryan Stinnett 
Date:   Sun Dec 4 21:16:59 2016 -0600

Test for .git as readable instead of a dir to support worktrees

Fixes #20492.
---
 changes/20492 | 4 
 src/or/include.am | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/20492 b/changes/20492
new file mode 100644
index 000..fdcd4d0
--- /dev/null
+++ b/changes/20492
@@ -0,0 +1,4 @@
+  o Minor bugfix (build):
+- The current Git revision when building from a local repository is now
+  detected correctly when using git worktrees.  Fixes bug 20492; bugfix on
+  0.2.3.9-alpha.
diff --git a/src/or/include.am b/src/or/include.am
index b4554aa..ae493b7 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -198,7 +198,7 @@ noinst_HEADERS+= $(ORHEADERS) micro-revision.i
 
 micro-revision.i: FORCE
$(AM_V_at)rm -f micro-revision.tmp; \
-   if test -d "$(top_srcdir)/.git" && \
+   if test -r "$(top_srcdir)/.git" && \
test -x "`which git 2>&1;true`"; then \
HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
echo \"$$HASH\" > micro-revision.tmp; \





[tor-commits] [tor/maint-0.2.9] Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

2016-12-05 Thread nickm
commit a23c581d13c164752effa9ccfa840192187f1388
Merge: 0d0c7a1 ebf243b
Author: Nick Mathewson 
Date:   Mon Dec 5 08:10:48 2016 -0500

Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

 changes/bug20864   |  4 
 src/test/test_hs.c | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)





[tor-commits] [tor/release-0.2.9] Move a comment in test_single_onion_poisoning

2016-12-05 Thread nickm
commit e8ce57e6e8e8b245f0378ef3aae4fdc55534cbd8
Author: teor 
Date:   Sat Dec 3 06:30:58 2016 +1100

Move a comment in test_single_onion_poisoning
---
 src/test/test_hs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 067e6b4..690e07e 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -767,10 +767,10 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  /* The test harness deletes the directories at exit */
   tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
-  /* The test harness deletes the directories at exit */
   smartlist_free(services);
   rend_service_free(service_1);
   rend_service_free(service_2);





[tor-commits] [tor/maint-0.2.9] Refactor poison_dir allocation and free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit c100c5c69b4fd3b464b2395263e77cc6e1051ef3
Author: teor 
Date:   Sat Dec 3 06:25:46 2016 +1100

Refactor poison_dir allocation and free in test_single_onion_poisoning

This pattern is much less error-prone when future changes are made.
---
 src/test/test_hs.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index f4ba7f9..1039c64 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -541,6 +541,7 @@ test_single_onion_poisoning(void *arg)
   rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
   char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
   smartlist_t *services = smartlist_new();
+  char *poison_path = NULL;
 
   /* No services, no service to verify, no problem! */
   mock_options->HiddenServiceSingleHopMode = 0;
@@ -706,9 +707,9 @@ test_single_onion_poisoning(void *arg)
 
   /* Now remove the poisoning from the first service, and we have the opposite
* problem. */
-  char *poison_path = rend_service_sos_poison_path(service_1);
+  poison_path = rend_service_sos_poison_path(service_1);
+  tt_assert(poison_path);
   ret = unlink(poison_path);
-  tor_free(poison_path);
   tt_assert(ret == 0);
 
   /* Unpoisoned service directories with previous keys are ok, as are empty
@@ -765,6 +766,7 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
   /* The test harness deletes the directories at exit */





[tor-commits] [tor/maint-0.2.9] Add a missing return value check in test_single_onion_poisoning

2016-12-05 Thread nickm
commit 8d42aab3f68d7d01c87bbfe60c30c438d70437c3
Author: teor 
Date:   Sat Dec 3 06:30:06 2016 +1100

Add a missing return value check in test_single_onion_poisoning
---
 src/test/test_hs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index c7aaace..067e6b4 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -688,6 +688,7 @@ test_single_onion_poisoning(void *arg)
 
   /* Now add the second service: it has no key and no poison file */
   ret = rend_service_check_dir_and_add(services, mock_options, service_2, 0);
+  tt_assert(ret == 0);
 
   /* A new service, and an existing poisoned service. Not ok. */
   mock_options->HiddenServiceSingleHopMode = 0;





[tor-commits] [tor/master] Merge remote-tracking branch 'jryans/local-hostname'

2016-12-05 Thread nickm
commit 8230cf7ea601266a70e1cf1b7610d592c177496b
Merge: f7e8bd6 7ffa95a
Author: Nick Mathewson 
Date:   Mon Dec 5 08:17:01 2016 -0500

Merge remote-tracking branch 'jryans/local-hostname'

 changes/17070| 4 
 doc/tor.1.txt| 3 ++-
 src/common/address.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)



[tor-commits] [tor/master] Clarify that ClientRejectInternalAddresses also rejects mDNS *.local hosts

2016-12-05 Thread nickm
commit 7ffa95abd935fd6ac10abd96e8a8d14aa9035caf
Author: J. Ryan Stinnett 
Date:   Sat Dec 3 21:06:30 2016 -0600

Clarify that ClientRejectInternalAddresses also rejects mDNS *.local hosts

Fixes #17070.
---
 changes/17070| 4 
 doc/tor.1.txt| 3 ++-
 src/common/address.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/changes/17070 b/changes/17070
new file mode 100644
index 000..ffe616f
--- /dev/null
+++ b/changes/17070
@@ -0,0 +1,4 @@
+  o Documentation (SOCKS connections):
+- Clarify that when `ClientRejectInternalAddresses` is enabled (which is 
the
+  default), multicast DNS hostnames for machines on the local network (of
+  the form *.local) are also rejected.  Closes ticket 17070.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index aa3859e..c4219d9 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1414,7 +1414,8 @@ The following options are useful only for clients (that 
is, if
 If true, Tor does not try to fulfill requests to connect to an internal
 address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
 specifically requested__ (for example, via a .exit hostname, or a
-controller request).  (Default: 1)
+controller request).  If true, multicast DNS hostnames for machines on the
+local network (of the form *.local) are also rejected.  (Default: 1)
 
 [[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**::
 If true, Tor downloads and caches "extra-info" documents. These documents
diff --git a/src/common/address.c b/src/common/address.c
index 773e688..fa6630e 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -2100,7 +2100,8 @@ get_interface_address,(int severity, uint32_t *addr))
 }
 
 /** Return true if we can tell that name is a canonical name for the
- * loopback address. */
+ * loopback address.  Return true also for *.local hostnames, which are
+ * multicast DNS names for hosts on the local network. */
 int
 tor_addr_hostname_is_local(const char *name)
 {
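Review bot: The updated doc comment on `tor_addr_hostname_is_local` says `*.local` names count as local but not how the match is made, and the body lies outside this hunk, so a reader cannot tell whether `HOST.LOCAL` or a trailing-dot form such as `host.local.` is covered. The changes entry ties this to `ClientRejectInternalAddresses`, so a name that slips past the check would presumably leave the client instead of being rejected. I would add one sentence to the comment stating the rule, for example `The match is on the name's suffix, ignoring case.`, once that has been confirmed against the body.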





[tor-commits] [tor/release-0.2.9] Fix changes file for 20864: 20638 _did_ get into 0.2.9

2016-12-05 Thread nickm
commit 42ec60ecfbff39c454945bc52def0df196ec38b8
Author: Nick Mathewson 
Date:   Mon Dec 5 08:12:10 2016 -0500

Fix changes file for 20864: 20638 _did_ get into 0.2.9
---
 changes/bug20864 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/changes/bug20864 b/changes/bug20864
index 079e609..7b8c70f 100644
--- a/changes/bug20864
+++ b/changes/bug20864
@@ -1,4 +1,4 @@
-  o Minor bugfixes (hidden services):
+  o Minor bugfixes (unit tests, hidden services):
 - Remove a double-free in the single onion service unit test. Stop
   ignoring a return value. Make future changes less error-prone.
-  Fixes bug 20864; bugfix on 20638; not in any released version of tor.
+  Fixes bug 20864; bugfix on 0.2.9.6-rc.





[tor-commits] [tor/master] Move a comment in test_single_onion_poisoning

2016-12-05 Thread nickm
commit e8ce57e6e8e8b245f0378ef3aae4fdc55534cbd8
Author: teor 
Date:   Sat Dec 3 06:30:58 2016 +1100

Move a comment in test_single_onion_poisoning
---
 src/test/test_hs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 067e6b4..690e07e 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -767,10 +767,10 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  /* The test harness deletes the directories at exit */
   tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
-  /* The test harness deletes the directories at exit */
   smartlist_free(services);
   rend_service_free(service_1);
   rend_service_free(service_2);





[tor-commits] [tor/release-0.2.9] Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

2016-12-05 Thread nickm
commit a23c581d13c164752effa9ccfa840192187f1388
Merge: 0d0c7a1 ebf243b
Author: Nick Mathewson 
Date:   Mon Dec 5 08:10:48 2016 -0500

Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

 changes/bug20864   |  4 
 src/test/test_hs.c | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)





[tor-commits] [tor/master] Remove a double-free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit fdd368d6564e955422337af53e0723b571b8da57
Author: teor 
Date:   Sat Dec 3 06:27:32 2016 +1100

Remove a double-free in test_single_onion_poisoning

We were freeing both dir{1,2} directly, and service_{1,2}->directory via
rend_service_free, even though they are the same pointer.
---
 src/test/test_hs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 1039c64..c7aaace 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -570,8 +570,8 @@ test_single_onion_poisoning(void *arg)
 tt_assert(ret == 0);
   }
 
-  service_1->directory = dir1;
-  service_2->directory = dir2;
+  service_1->directory = tor_strdup(dir1);
+  service_2->directory = tor_strdup(dir2);
   /* The services own the directory pointers now */
   dir1 = dir2 = NULL;
   /* Add port to service 1 */
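Review bot: The context line `dir1 = dir2 = NULL;` still follows the new `tor_strdup()` calls, so the original `dir1`/`dir2` buffers lose their last reference and leak (assuming both are heap-allocated, as the `tor_strdup()` for `dir2` elsewhere on this page suggests). The comment `/* The services own the directory pointers now */` is also stale, because the services now hold copies. I would delete the `dir1 = dir2 = NULL;` line and reword the comment to `/* The services hold their own copies; dir1 and dir2 are freed at done */`, provided nothing later in the function, which continues outside this hunk, relies on them being NULL. The same commit is reposted for the 0.2.9 branches further down the page and the point applies there too.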





[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

2016-12-05 Thread nickm
commit b4c648c6c0755e915fefb33431c2865382f11cf8
Merge: 4178708 42ec60e
Author: Nick Mathewson 
Date:   Mon Dec 5 08:13:09 2016 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/bug20864   |  4 
 src/test/test_hs.c | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)



[tor-commits] [tor/master] Merge branch 'maint-0.2.9'

2016-12-05 Thread nickm
commit f7e8bd640a3c5e2227f991ea9ffe0fef3510d86d
Merge: 6eb1b4b 42ec60e
Author: Nick Mathewson 
Date:   Mon Dec 5 08:13:14 2016 -0500

Merge branch 'maint-0.2.9'

 changes/bug20864   |  4 
 src/test/test_hs.c | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)



[tor-commits] [tor/master] Refactor poison_dir allocation and free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit c100c5c69b4fd3b464b2395263e77cc6e1051ef3
Author: teor 
Date:   Sat Dec 3 06:25:46 2016 +1100

Refactor poison_dir allocation and free in test_single_onion_poisoning

This pattern is much less error-prone when future changes are made.
---
 src/test/test_hs.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index f4ba7f9..1039c64 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -541,6 +541,7 @@ test_single_onion_poisoning(void *arg)
   rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
   char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
   smartlist_t *services = smartlist_new();
+  char *poison_path = NULL;
 
   /* No services, no service to verify, no problem! */
   mock_options->HiddenServiceSingleHopMode = 0;
@@ -706,9 +707,9 @@ test_single_onion_poisoning(void *arg)
 
   /* Now remove the poisoning from the first service, and we have the opposite
* problem. */
-  char *poison_path = rend_service_sos_poison_path(service_1);
+  poison_path = rend_service_sos_poison_path(service_1);
+  tt_assert(poison_path);
   ret = unlink(poison_path);
-  tor_free(poison_path);
   tt_assert(ret == 0);
 
   /* Unpoisoned service directories with previous keys are ok, as are empty
@@ -765,6 +766,7 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
   /* The test harness deletes the directories at exit */





[tor-commits] [tor/release-0.2.9] Refactor poison_dir allocation and free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit c100c5c69b4fd3b464b2395263e77cc6e1051ef3
Author: teor 
Date:   Sat Dec 3 06:25:46 2016 +1100

Refactor poison_dir allocation and free in test_single_onion_poisoning

This pattern is much less error-prone when future changes are made.
---
 src/test/test_hs.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index f4ba7f9..1039c64 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -541,6 +541,7 @@ test_single_onion_poisoning(void *arg)
   rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
   char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
   smartlist_t *services = smartlist_new();
+  char *poison_path = NULL;
 
   /* No services, no service to verify, no problem! */
   mock_options->HiddenServiceSingleHopMode = 0;
@@ -706,9 +707,9 @@ test_single_onion_poisoning(void *arg)
 
   /* Now remove the poisoning from the first service, and we have the opposite
* problem. */
-  char *poison_path = rend_service_sos_poison_path(service_1);
+  poison_path = rend_service_sos_poison_path(service_1);
+  tt_assert(poison_path);
   ret = unlink(poison_path);
-  tor_free(poison_path);
   tt_assert(ret == 0);
 
   /* Unpoisoned service directories with previous keys are ok, as are empty
@@ -765,6 +766,7 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
   /* The test harness deletes the directories at exit */





[tor-commits] [tor/release-0.2.9] Remove a double-free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit fdd368d6564e955422337af53e0723b571b8da57
Author: teor 
Date:   Sat Dec 3 06:27:32 2016 +1100

Remove a double-free in test_single_onion_poisoning

We were freeing both dir{1,2} directly, and service_{1,2}->directory via
rend_service_free, even though they are the same pointer.
---
 src/test/test_hs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 1039c64..c7aaace 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -570,8 +570,8 @@ test_single_onion_poisoning(void *arg)
 tt_assert(ret == 0);
   }
 
-  service_1->directory = dir1;
-  service_2->directory = dir2;
+  service_1->directory = tor_strdup(dir1);
+  service_2->directory = tor_strdup(dir2);
   /* The services own the directory pointers now */
   dir1 = dir2 = NULL;
   /* Add port to service 1 */





[tor-commits] [tor/maint-0.2.9] Fix changes file for 20864: 20638 _did_ get into 0.2.9

2016-12-05 Thread nickm
commit 42ec60ecfbff39c454945bc52def0df196ec38b8
Author: Nick Mathewson 
Date:   Mon Dec 5 08:12:10 2016 -0500

Fix changes file for 20864: 20638 _did_ get into 0.2.9
---
 changes/bug20864 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/changes/bug20864 b/changes/bug20864
index 079e609..7b8c70f 100644
--- a/changes/bug20864
+++ b/changes/bug20864
@@ -1,4 +1,4 @@
-  o Minor bugfixes (hidden services):
+  o Minor bugfixes (unit tests, hidden services):
 - Remove a double-free in the single onion service unit test. Stop
   ignoring a return value. Make future changes less error-prone.
-  Fixes bug 20864; bugfix on 20638; not in any released version of tor.
+  Fixes bug 20864; bugfix on 0.2.9.6-rc.



[tor-commits] [tor/master] Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

2016-12-05 Thread nickm
commit a23c581d13c164752effa9ccfa840192187f1388
Merge: 0d0c7a1 ebf243b
Author: Nick Mathewson 
Date:   Mon Dec 5 08:10:48 2016 -0500

Merge remote-tracking branch 'teor/bug20864-029' into maint-0.2.9

 changes/bug20864   |  4 
 src/test/test_hs.c | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)





[tor-commits] [tor/master] Fix changes file for 20864: 20638 _did_ get into 0.2.9

2016-12-05 Thread nickm
commit 42ec60ecfbff39c454945bc52def0df196ec38b8
Author: Nick Mathewson 
Date:   Mon Dec 5 08:12:10 2016 -0500

Fix changes file for 20864: 20638 _did_ get into 0.2.9
---
 changes/bug20864 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/changes/bug20864 b/changes/bug20864
index 079e609..7b8c70f 100644
--- a/changes/bug20864
+++ b/changes/bug20864
@@ -1,4 +1,4 @@
-  o Minor bugfixes (hidden services):
+  o Minor bugfixes (unit tests, hidden services):
 - Remove a double-free in the single onion service unit test. Stop
   ignoring a return value. Make future changes less error-prone.
-  Fixes bug 20864; bugfix on 20638; not in any released version of tor.
+  Fixes bug 20864; bugfix on 0.2.9.6-rc.





[tor-commits] [tor/master] Changes file for 20864

2016-12-05 Thread nickm
commit ebf243bc5b3ad083eaee2d412520e5d617473792
Author: teor 
Date:   Sat Dec 3 06:35:45 2016 +1100

Changes file for 20864
---
 changes/bug20864 | 4 
 1 file changed, 4 insertions(+)

diff --git a/changes/bug20864 b/changes/bug20864
new file mode 100644
index 000..079e609
--- /dev/null
+++ b/changes/bug20864
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden services):
+- Remove a double-free in the single onion service unit test. Stop
+  ignoring a return value. Make future changes less error-prone.
+  Fixes bug 20864; bugfix on 20638; not in any released version of tor.





[tor-commits] [tor/maint-0.2.9] Changes file for 20864

2016-12-05 Thread nickm
commit ebf243bc5b3ad083eaee2d412520e5d617473792
Author: teor 
Date:   Sat Dec 3 06:35:45 2016 +1100

Changes file for 20864
---
 changes/bug20864 | 4 
 1 file changed, 4 insertions(+)

diff --git a/changes/bug20864 b/changes/bug20864
new file mode 100644
index 000..079e609
--- /dev/null
+++ b/changes/bug20864
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden services):
+- Remove a double-free in the single onion service unit test. Stop
+  ignoring a return value. Make future changes less error-prone.
+  Fixes bug 20864; bugfix on 20638; not in any released version of tor.





[tor-commits] [tor/release-0.2.9] Add a missing return value check in test_single_onion_poisoning

2016-12-05 Thread nickm
commit 8d42aab3f68d7d01c87bbfe60c30c438d70437c3
Author: teor 
Date:   Sat Dec 3 06:30:06 2016 +1100

Add a missing return value check in test_single_onion_poisoning
---
 src/test/test_hs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index c7aaace..067e6b4 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -688,6 +688,7 @@ test_single_onion_poisoning(void *arg)
 
   /* Now add the second service: it has no key and no poison file */
   ret = rend_service_check_dir_and_add(services, mock_options, service_2, 0);
+  tt_assert(ret == 0);
 
   /* A new service, and an existing poisoned service. Not ok. */
   mock_options->HiddenServiceSingleHopMode = 0;





[tor-commits] [tor/maint-0.2.9] Move a comment in test_single_onion_poisoning

2016-12-05 Thread nickm
commit e8ce57e6e8e8b245f0378ef3aae4fdc55534cbd8
Author: teor 
Date:   Sat Dec 3 06:30:58 2016 +1100

Move a comment in test_single_onion_poisoning
---
 src/test/test_hs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 067e6b4..690e07e 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -767,10 +767,10 @@ test_single_onion_poisoning(void *arg)
   tt_assert(ret == 0);
 
  done:
+  /* The test harness deletes the directories at exit */
   tor_free(poison_path);
   tor_free(dir1);
   tor_free(dir2);
-  /* The test harness deletes the directories at exit */
   smartlist_free(services);
   rend_service_free(service_1);
   rend_service_free(service_2);





[tor-commits] [tor/maint-0.2.9] Remove a double-free in test_single_onion_poisoning

2016-12-05 Thread nickm
commit fdd368d6564e955422337af53e0723b571b8da57
Author: teor 
Date:   Sat Dec 3 06:27:32 2016 +1100

Remove a double-free in test_single_onion_poisoning

We were freeing both dir{1,2} directly, and service_{1,2}->directory via
rend_service_free, even though they are the same pointer.
---
 src/test/test_hs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 1039c64..c7aaace 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -570,8 +570,8 @@ test_single_onion_poisoning(void *arg)
 tt_assert(ret == 0);
   }
 
-  service_1->directory = dir1;
-  service_2->directory = dir2;
+  service_1->directory = tor_strdup(dir1);
+  service_2->directory = tor_strdup(dir2);
   /* The services own the directory pointers now */
   dir1 = dir2 = NULL;
   /* Add port to service 1 */





[tor-commits] [tor/master] Add a missing return value check in test_single_onion_poisoning

2016-12-05 Thread nickm
commit 8d42aab3f68d7d01c87bbfe60c30c438d70437c3
Author: teor 
Date:   Sat Dec 3 06:30:06 2016 +1100

Add a missing return value check in test_single_onion_poisoning
---
 src/test/test_hs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index c7aaace..067e6b4 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -688,6 +688,7 @@ test_single_onion_poisoning(void *arg)
 
   /* Now add the second service: it has no key and no poison file */
   ret = rend_service_check_dir_and_add(services, mock_options, service_2, 0);
+  tt_assert(ret == 0);
 
   /* A new service, and an existing poisoned service. Not ok. */
   mock_options->HiddenServiceSingleHopMode = 0;





[tor-commits] [tor/master] Merge branch 'maint-0.2.9'

2016-12-05 Thread nickm
commit 6eb1b4bd9cbf16339b30c2531dd1997291cc0d4c
Merge: 8a0ea3e 0d0c7a1
Author: Nick Mathewson 
Date:   Mon Dec 5 08:06:36 2016 -0500

Merge branch 'maint-0.2.9'



[tor-commits] [tor/master] Merge branch 'maint-0.2.8' into maint-0.2.9

2016-12-05 Thread nickm
commit 0d0c7a11649db161070ab96310ff301be6dd704c
Merge: 907cd8a 2a36541
Author: Nick Mathewson 
Date:   Mon Dec 5 08:05:37 2016 -0500

Merge branch 'maint-0.2.8' into maint-0.2.9






[tor-commits] [tor/master] Always Use EVP_aes_*_ctr() with openssl 1.1

2016-12-05 Thread nickm
commit 2a365413ebc7ab0055bd4c2fc11697666fc90f7b
Author: Nick Mathewson 
Date:   Sun Nov 6 21:01:25 2016 -0500

Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+- Fix compilation with OpenSSL 1.1 and less commonly-used
+  CPU architectures. Closes ticket 20588.
diff --git a/src/common/aes.c b/src/common/aes.c
index 15970a7..8edfc5d 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -73,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
defined(__x86_64) || defined(__x86_64__) ||  \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))  \
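Review bot: The added comment under the new `#if` says only that "newer OpenSSL versions" break the fallback modes, while the commit message has the actual reason; that reason belongs in the code, e.g. `/* OpenSSL 1.1.0 makes EVP_CIPHER_CTX opaque, so the older fallback modes don't compile. */`. The condition also tests `OPENSSL_VERSION_NUMBER` alone, and LibreSSL reports a 2.x value there, so a LibreSSL build would take this branch as well. If that is not intended and is not handled elsewhere in the file, add `&& !defined(LIBRESSL_VERSION_NUMBER)` to the first condition. The `#elif` chain continues past the end of this hunk, and the same commit is reposted for the other branches further down the page.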





[tor-commits] [tor/release-0.2.9] Always Use EVP_aes_*_ctr() with openssl 1.1

2016-12-05 Thread nickm
commit 2a365413ebc7ab0055bd4c2fc11697666fc90f7b
Author: Nick Mathewson 
Date:   Sun Nov 6 21:01:25 2016 -0500

Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+- Fix compilation with OpenSSL 1.1 and less commonly-used
+  CPU architectures. Closes ticket 20588.
diff --git a/src/common/aes.c b/src/common/aes.c
index 15970a7..8edfc5d 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -73,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
defined(__x86_64) || defined(__x86_64__) ||  \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))  \





[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.8' into maint-0.2.9

2016-12-05 Thread nickm
commit 0d0c7a11649db161070ab96310ff301be6dd704c
Merge: 907cd8a 2a36541
Author: Nick Mathewson 
Date:   Mon Dec 5 08:05:37 2016 -0500

Merge branch 'maint-0.2.8' into maint-0.2.9






[tor-commits] [tor/release-0.2.8] Always Use EVP_aes_*_ctr() with openssl 1.1

2016-12-05 Thread nickm
commit 2a365413ebc7ab0055bd4c2fc11697666fc90f7b
Author: Nick Mathewson 
Date:   Sun Nov 6 21:01:25 2016 -0500

Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+- Fix compilation with OpenSSL 1.1 and less commonly-used
+  CPU architectures. Closes ticket 20588.
diff --git a/src/common/aes.c b/src/common/aes.c
index 15970a7..8edfc5d 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -73,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
defined(__x86_64) || defined(__x86_64__) ||  \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))  \





[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

2016-12-05 Thread nickm
commit 4178708f3c4a8e2bd077e31c01f3b6ab50f6d445
Merge: 567852f 0d0c7a1
Author: Nick Mathewson 
Date:   Mon Dec 5 08:05:45 2016 -0500

Merge branch 'maint-0.2.9' into release-0.2.9



[tor-commits] [tor/maint-0.2.9] Always Use EVP_aes_*_ctr() with openssl 1.1

2016-12-05 Thread nickm
commit 2a365413ebc7ab0055bd4c2fc11697666fc90f7b
Author: Nick Mathewson 
Date:   Sun Nov 6 21:01:25 2016 -0500

Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+- Fix compilation with OpenSSL 1.1 and less commonly-used
+  CPU architectures. Closes ticket 20588.
diff --git a/src/common/aes.c b/src/common/aes.c
index 15970a7..8edfc5d 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -73,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
defined(__x86_64) || defined(__x86_64__) ||  \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))  \





[tor-commits] [tor/release-0.2.8] Merge branch 'maint-0.2.8' into release-0.2.8

2016-12-05 Thread nickm
commit 5b336f2e0b792b2927b1d3bdc521d81221c5e157
Merge: eede3a1 2a36541
Author: Nick Mathewson 
Date:   Mon Dec 5 08:04:04 2016 -0500

Merge branch 'maint-0.2.8' into release-0.2.8

 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)



[tor-commits] [tor/maint-0.2.9] Merge branch 'maint-0.2.8' into maint-0.2.9

2016-12-05 Thread nickm
commit 0d0c7a11649db161070ab96310ff301be6dd704c
Merge: 907cd8a 2a36541
Author: Nick Mathewson 
Date:   Mon Dec 5 08:05:37 2016 -0500

Merge branch 'maint-0.2.8' into maint-0.2.9



[tor-commits] [tor/maint-0.2.8] Always Use EVP_aes_*_ctr() with openssl 1.1

2016-12-05 Thread nickm
commit 2a365413ebc7ab0055bd4c2fc11697666fc90f7b
Author: Nick Mathewson 
Date:   Sun Nov 6 21:01:25 2016 -0500

Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+- Fix compilation with OpenSSL 1.1 and less commonly-used
+  CPU architectures. Closes ticket 20588.
diff --git a/src/common/aes.c b/src/common/aes.c
index 15970a7..8edfc5d 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -73,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&   \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||  \
defined(__x86_64) || defined(__x86_64__) ||  \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))  \
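Review bot: The new first branch tests only `OPENSSL_VERSION_NUMBER`, and LibreSSL reports 0x20000000L for that macro, so LibreSSL builds on every architecture would now take this branch too. The commit message argues from OpenSSL 1.1 making `EVP_CIPHER_CTX` opaque, which does not obviously apply to LibreSSL. If the intent is OpenSSL 1.1 only, the test could read `#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) && !defined(LIBRESSL_VERSION_NUMBER)`; if the EVP path is meant for LibreSSL as well, the added comment should say so. The `#elif` condition continues past the end of the hunk, so the rest of the selection logic is not visible here.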



[tor-commits] [sandboxed-tor-browser/master] This is the first pass at trying to constrain resource use by sandboxed

2016-12-05 Thread yawning
commit 82fcc3247c878cff63bbf34fe0c397638a232bde
Author: Yawning Angel 
Date:   Mon Dec 5 10:30:37 2016 +

This is the first pass at trying to constrain resource use by sandboxed
processes.

I still need to decide what to do about `RLIMIT_AS`, `RLIMIT_DATA`,
and `RLIMIT_FSIZE`.  I agree that setting them would be sensible, but
it needs UI integration, which will take some thinking.
---
 src/cmd/gen-seccomp/seccomp_firefox.go |   2 +-
 .../internal/sandbox/rlimit.go | 110 +
 src/cmd/sandboxed-tor-browser/internal/ui/ui.go|   5 +
 3 files changed, 116 insertions(+), 1 deletion(-)

diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go 
b/src/cmd/gen-seccomp/seccomp_firefox.go
index 465d8fe..75a7dd3 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -117,7 +117,6 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 
bool) error {
"brk",
"mincore",
"mmap",
-   "mlock",
"mprotect",
"mremap",
"munmap",
@@ -182,6 +181,7 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 
bool) error {
// "vfork",
// "memfd_create", (PulseAudio?  Won't work in our container.)
// "personality",
+   // "mlock",
}
if is386 {
allowedNoArgs386 := []string{
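Review bot: The commented-out `"mlock"` entry added to the disabled list carries no reason, unlike `"memfd_create"` two lines above it. The same commit sets `limMlock = 0` in sandbox/rlimit.go with the remark that it might need to be increased later, so whoever raises that limit also has to move `mlock` back into the allowed list or the call will still be refused by the filter. I would record the link in place, for example `// "mlock", (memlock rlimit is 0, see sandbox/rlimit.go)`. The enclosing function starts and ends outside the hunk.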
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/rlimit.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/rlimit.go
new file mode 100644
index 000..9ac9aed
--- /dev/null
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/rlimit.go
@@ -0,0 +1,110 @@
+// rlimit.go - Resource limits.
+// Copyright (C) 2016  Yawning Angel.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see .
+
+package sandbox
+
+import "syscall"
+
+func lowerRlimit(resource int, newHard uint64) error {
+   var lim syscall.Rlimit
+   if err := syscall.Getrlimit(resource, ); err != nil {
+   return err
+   }
+
+   needsSet := false
+   if newHard < lim.Max {
+   lim.Max = newHard
+   needsSet = true
+   }
+   if newHard < lim.Cur {
+   lim.Cur = newHard
+   needsSet = true
+   }
+   if !needsSet {
+   return nil
+   }
+
+   return syscall.Setrlimit(resource, )
+}
+
+// SetSensibleRlimits conservatively lowers the rlimits to values that will
+// happily support firefox, the updater, tor, and obfs4proxy.
+//
+// XXX; In the future, this should be applied to each process individually.
+// I still need to think about what I'll do for the things that are unset,
+// because it should be tied into the UI.
+func SetSensibleRlimits() error {
+   const (
+   limStack  = 512 * 1024 // 512 KiB
+   limRSS= 0  // No effect as of 2.6.x...
+   limNproc  = 512
+   limNofile = 1024 // Could maybe go as low as 512...
+   limMlock  = 0// This might need to be increased later.
+   limLocks  = 32
+   limSigpending = 64
+   limMsgqueue   = 0 // Disallowed by seccomp.
+   limNice   = 0
+   limRtprio = 0
+   limRttime = 0
+
+   // The syscall package doesn't expose these.
+   RLIMIT_RSS= 5
+   RLIMIT_NPROC  = 6
+   RLIMIT_MLOCK  = 8
+   RLIMIT_LOCKS  = 10
+   RLIMIT_SIGPENDING = 11
+   RLIMIT_MSGQUEUE   = 12
+   RLIMIT_NICE   = 13
+   RLIMIT_RTPRIO = 14
+   RLIMIT_RTTIME = 15
+   )
+
+   if err := lowerRlimit(syscall.RLIMIT_STACK, limStack); err != nil {
+   return err
+   }
+   if err := lowerRlimit(RLIMIT_RSS, limRSS); err != nil {
+   return err
+   }
+   if err := lowerRlimit(RLIMIT_NPROC, limNproc); err != nil {
+   return err
+   }
+   if err := lowerRlimit(syscall.RLIMIT_NOFILE, limNofile); err != nil {
+   return err
+   }
+   if err := lowerRlimit(RLIMIT_MLOCK, limMlock); err != nil {
+   
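Review bot: The hand-written `RLIMIT_*` numbers in `SetSensibleRlimits` are the generic Linux values used on x86, x86_64 and ARM, but MIPS, SPARC and Alpha number several of these resources differently. `lowerRlimit` passes them straight to `Setrlimit`, so a build for one of those targets would lower a different limit than the name says. A comment on the block would make the assumption explicit, e.g. `// Linux asm-generic numbering (x86, x86_64, ARM); other architectures differ.` It would also help to note that `RLIMIT_MLOCK` is what the kernel headers call `RLIMIT_MEMLOCK`. The hunk is cut off on this page after the `RLIMIT_MLOCK` call, so the remaining calls and the rest of the commit cannot be reviewed here.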

[tor-commits] [sandboxed-tor-browser/master] More seccomp whitelist improvements.

2016-12-05 Thread yawning
commit 783a170d62f30b3415f1746db6f264af85bd81f0
Author: Yawning Angel 
Date:   Mon Dec 5 08:18:14 2016 +

More seccomp whitelist improvements.

 * (General) Explicitly SIGKILL processes that try to use an unexpected
   ABI (eg: X32, x86_64 on x86 and vice versa).
 * (tor) Filter args to `fcntl[64]`, `accept4`.
 * (tor) `src/common/sandbox.c` thinks we need AF_NETLINK.  Fuck that.
---
 src/cmd/gen-seccomp/seccomp.go |  3 ++
 src/cmd/gen-seccomp/seccomp_tor.go | 97 ++
 2 files changed, 92 insertions(+), 8 deletions(-)

diff --git a/src/cmd/gen-seccomp/seccomp.go b/src/cmd/gen-seccomp/seccomp.go
index 6c7366f..62b286d 100644
--- a/src/cmd/gen-seccomp/seccomp.go
+++ b/src/cmd/gen-seccomp/seccomp.go
@@ -84,6 +84,9 @@ func newWhitelist(is386 bool) (*seccomp.ScmpFilter, error) {
f.Release()
return nil, err
}
+   if err = f.SetBadArchAction(seccomp.ActKill); err != nil {
+   return nil, err
+   }
 
return f, nil
 }
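Review bot: The new `SetBadArchAction` error path returns `nil, err` without calling `f.Release()`, while the error path directly above it in the same hunk releases the filter before returning. For consistency and to avoid leaking the libseccomp context, add `f.Release()` before the new `return nil, err`. The impact is small in a short-lived generator, but the two paths should not diverge. `newWhitelist` starts outside the hunk, so earlier error paths are not visible here.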
diff --git a/src/cmd/gen-seccomp/seccomp_tor.go 
b/src/cmd/gen-seccomp/seccomp_tor.go
index 73ed3c0..2b01656 100644
--- a/src/cmd/gen-seccomp/seccomp_tor.go
+++ b/src/cmd/gen-seccomp/seccomp_tor.go
@@ -43,7 +43,6 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
"eventfd2",
"pipe2",
"pipe",
-   "fcntl",
"fstat",
"getdents",
"getdents64",
@@ -84,10 +83,6 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
"sendto",
"unlink",
 
-   // XXX: Calls that should be filtered by arg, but aren't yet.
-   "rt_sigaction",
-   "accept4",
-
// Calls that tor can filter, but I can't due to not being in
// the tor daemon's process space.
"chown",
@@ -105,6 +100,7 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
"restart_syscall",
"set_tid_address",
"unshare",
+   "rt_sigaction", // Tor filters this but libc does more.
}
if is386 {
allowedNoArgs386 := []string{
@@ -115,12 +111,11 @@ func compileTorSeccompProfile(fd *os.File, useBridges 
bool, is386 bool) error {
"getuid32",
"_llseek",
"sigreturn",
-   "fcntl64", // XXX: Filter by arg.
 
"recv",
"send",
"stat64",
-   "socketcall", // Sigh... (see accept4 in the tor code)
+   "socketcall", // Sigh...
 
"ugetrlimit",
"set_thread_area",
@@ -161,6 +156,9 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
if err = allowCmpEq(f, "mremap", 3, mremapMaymove); err != nil {
return err
}
+   if err = torFilterAccept4(f, is386); err != nil {
+   return err
+   }
if err = torFilterPoll(f); err != nil {
return err
}
@@ -179,6 +177,9 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, 
is386 bool) error {
if err = torFilterMmap(f, is386); err != nil {
return err
}
+   if err = torFilterFcntl(f, is386); err != nil {
+   return err
+   }
 
if useBridges {
// XXX: One day, all the PTs will live in their own containers.
@@ -246,6 +247,25 @@ func torFilterPrctl(f *seccomp.ScmpFilter) error {
return f.AddRuleConditional(scall, seccomp.ActAllow, 
[]seccomp.ScmpCondition{isPrSetDeathsig})
 }
 
+func torFilterAccept4(f *seccomp.ScmpFilter, is386 bool) error {
+   scall, err := seccomp.GetSyscallFromName("accept4")
+   if err != nil {
+   return err
+   }
+   if is386 {
+   // XXX: The tor common/sandbox.c file, explcitly allows 
socketcall()
+   // by arg for this call, and only this call. ??
+   return f.AddRule(scall, seccomp.ActAllow)
+   }
+
+   cond, err := seccomp.MakeCondition(3, seccomp.CompareMaskedEqual, 0, 
syscall.SOCK_CLOEXEC|syscall.SOCK_NONBLOCK)
+   if err != nil {
+   return nil
+   }
+
+   return f.AddRuleConditional(scall, seccomp.ActAllow, 
[]seccomp.ScmpCondition{cond})
+}
+
 func torFilterPoll(f *seccomp.ScmpFilter) error {
scall, err := seccomp.GetSyscallFromName("poll")
if err != nil {
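Review bot: In `torFilterAccept4` the check after `seccomp.MakeCondition` does `return nil` on error, so a failed condition is reported as success and the accept4 rule is silently never added; it should be `return err`. Separately, the condition is built with values `0, syscall.SOCK_CLOEXEC|syscall.SOCK_NONBLOCK`. If the binding passes these through as mask then datum, as libseccomp's masked-equal comparison expects, the test becomes `(arg & 0) == flags`, which never matches; the likely intent of "no flags other than these two" would need the mask `^uint64(syscall.SOCK_CLOEXEC|syscall.SOCK_NONBLOCK)` and datum `0`, which is worth confirming against the library. The 386 branch allows accept4 with no argument filter at all, and its XXX comment could say that this is a known gap rather than leave it as a question.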
@@ -273,7 +293,7 @@ func torFilterSocket(f *seccomp.ScmpFilter, is386 bool) 
error {
}
 
// XXX: Tighten this some more.
-   return allowCmpEq(f, "socket", 0, syscall.AF_UNIX, syscall.AF_INET, 
syscall.AF_INET6, syscall.AF_NETLINK)
+