[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed

[translation]

commit 7ce8c3320743329ff60bed32416d9945dda33640
Author: Translation commit bot 
Date:   Wed Mar 28 22:16:45 2018 +

Update translations for tails-misc_completed
---
 pt_BR.po | 170 ---
 1 file changed, 108 insertions(+), 62 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 569dd9202..7c1390a28 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2017
+# Communia , 2013-2018
 # carlo giusepe tadei valente sasaki , 2014
 # Danton Medrado, 2015
 # Eduardo Bonsi, 2013-2014
@@ -22,8 +22,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-09-13 20:10+0200\n"
-"PO-Revision-Date: 2018-01-04 10:03+\n"
+"POT-Creation-Date: 2018-03-12 19:03+0100\n"
+"PO-Revision-Date: 2018-03-28 21:48+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -55,38 +55,42 @@ msgid ""
 "an opportunity for eavesdroppers, like your email or Internet provider, to\n"
 "confirm that you are using Tails.\n"
 "\n"
-msgstr "Ajude a consertar o seu erro!\nLeia as 
instruções de relatórios de erros.\nNão inclua 
informações pessoais além do necessário!\nSobre nos 
informar um endereço de e-mail\n\nSe infomar seu e-mail, podemos fazer 
contato para esclarecer o problema. Isto é necessário para a maioria dos 
relatórios que recebemos (muitos deles sem informações de contato são 
inúteis). Por outro lado, pode ser uma oportunidade para bisbilhoteiros como 
seu e-mail ou provedor de Internet confirmarem que você está usando Tails. 
\n"
+msgstr "Ajude a consertar o erro que você encontrou!\nLeia as instruções de relatórios de erros.\nNão 
inclua informações pessoais além do necessário!\nSobre 
como nos informar um endereço de e-mail\n\nSe você informar seu 
e-mail, podemos fentrar em contato para esclarecer o problema. Isso é 
necessário na grande maioria dos relatórios que recebemos (muitos deles nos 
chegam sem informações de contato e são inúteis). No entanto, com um 
endereço de e-mail, alguém que tenha acesso às suas nformações, como o seu 
 provedor de e-mail ou de Internet, poderá confirmar que você está usando 
Tails. \n"
 
-#: config/chroot_local-includes/usr/local/bin/electrum:17
+#: config/chroot_local-includes/usr/local/bin/electrum:57
 msgid "Persistence is disabled for Electrum"
-msgstr "O Persistência está desabilitado para usar Electrum"
+msgstr "O volume persistente está desabilitado para usar Electrum"
 
-#: config/chroot_local-includes/usr/local/bin/electrum:19
+#: config/chroot_local-includes/usr/local/bin/electrum:59
 msgid ""
 "When you reboot Tails, all of Electrum's data will be lost, including your "
 "Bitcoin wallet. It is strongly recommended to only run Electrum when its "
 "persistence feature is activated."
-msgstr "Ao reiniciar o Tails, todos os dados do Electrum serão perdidos, 
inclusive as carteiras de Bitcoin. Assim, o mais recomendado é executar 
Electrum quando a funcionalidade 'Persistente' estiver ativada."
+msgstr "Ao reiniciar Tails, todos os dados do Electrum serão perdidos, 
inclusive as carteiras de Bitcoin. Assim, o mais recomendado é executar 
Electrum quando a funcionalidade 'Persistente' estiver ativada."
 
-#: config/chroot_local-includes/usr/local/bin/electrum:21
+#: config/chroot_local-includes/usr/local/bin/electrum:60
 msgid "Do you want to start Electrum anyway?"
 msgstr "Você deseja iniciar o Electrum assim mesmo?"
 
-#: config/chroot_local-includes/usr/local/bin/electrum:23
+#: config/chroot_local-includes/usr/local/bin/electrum:63
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41
 msgid "_Launch"
 msgstr "_Lançar"
 
-#: config/chroot_local-includes/usr/local/bin/electrum:24
+#: config/chroot_local-includes/usr/local/bin/electrum:64
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42
 msgid "_Exit"
 msgstr "_Saída"
 
-#: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
+#: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:75
 msgid "Restart"
 msgstr "Reiniciar"
 
-#: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:74
+#: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:78
+msgid "Lock screen"
+msgstr "Bloquear a tela"
+
+#: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:81
 msgid "Power Off"
 msgstr "Desligar"
 
@@ -115,24 +119,51 

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit cbd732ac6e3c51b14657602ef1fdb43cc4c4babc
Author: Translation commit bot 
Date:   Wed Mar 28 22:16:40 2018 +

Update translations for tails-misc
---
 pt_BR.po | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 9165c0b3e..7c1390a28 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 21:20+\n"
+"PO-Revision-Date: 2018-03-28 21:48+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -147,11 +147,11 @@ msgid ""
 "The check for upgrades failed. This might be due to a network problem. "
 "Please check your network connection, try to restart Tails, or read the "
 "system log to understand better the problem."
-msgstr ""
+msgstr "A procura por atualizações falhou, talvez devido a um problema de 
rede. Por favor, verifique a sua conexão de internet, tente reiniciar Tails ou 
leia o log de sistema para entender melhor o problema."
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:201
 msgid "Your additional software are up to date"
-msgstr ""
+msgstr "Os seus programas adicionais foram atualizados"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:202
 msgid "The upgrade was successful."
@@ -220,11 +220,11 @@ msgstr "Cancelar"
 
 #: config/chroot_local-includes/usr/local/bin/tails-screen-locker:124
 msgid "Screen Locker"
-msgstr ""
+msgstr "Bloqueador de Tela"
 
 #: config/chroot_local-includes/usr/local/bin/tails-screen-locker:130
 msgid "Set up a password to unlock the screen."
-msgstr ""
+msgstr "Configure uma senha para desbloquear a tela"
 
 #: config/chroot_local-includes/usr/local/bin/tails-screen-locker:135
 msgid "Password"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit 1c0707a9e7e0b0271a341f2ff0659a95a37e89e5
Author: Translation commit bot 
Date:   Wed Mar 28 21:46:39 2018 +

Update translations for tails-misc
---
 pt_BR.po | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 21519bc59..9165c0b3e 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 21:15+\n"
+"PO-Revision-Date: 2018-03-28 21:20+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -135,12 +135,12 @@ msgstr "Os seus programas adicionais foram instalados"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:178
 msgid "Your additional software are ready to use."
-msgstr ""
+msgstr "Os seus programas adicionais estão prontos para serem usados. "
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:194
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:204
 msgid "Your additional software upgrade failed"
-msgstr ""
+msgstr "A atualização dos seus programas adicionais falhou"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:195
 msgid ""

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit e55e6f3a908900d85dbda835e705d4057c0282ca
Author: Translation commit bot 
Date:   Wed Mar 28 21:16:38 2018 +

Update translations for tails-misc
---
 pt_BR.po | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 6221a6316..21519bc59 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 20:12+\n"
+"PO-Revision-Date: 2018-03-28 21:15+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -121,17 +121,17 @@ msgstr "não disponível"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:170
 msgid "Your additional software installation failed"
-msgstr ""
+msgstr "A instalação dos programas adicionais falhou"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:171
 msgid ""
 "The installation failed. Please check your additional software "
 "configuration, or read the system log to understand better the problem."
-msgstr ""
+msgstr "A instalação falhou. Por favor, verifique as configurações dos 
seus programas adicionais ou leia o log do sistema para entender melhor o 
problema."
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:177
 msgid "Your additional software are installed"
-msgstr ""
+msgstr "Os seus programas adicionais foram instalados"
 
 #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:178
 msgid "Your additional software are ready to use."
@@ -245,7 +245,7 @@ msgid ""
 "\n"
 "Or do a manual upgrade.\n"
 "See https://tails.boum.org/doc/first_steps/upgrade#manual\";
-msgstr ""
+msgstr "\"Não há memória suficiente para procurar por 
atualizações.\n\nVerifique se o sistema cumpre os requerimentos para 
executar Tails\nConsulte o 
documento:///usr/share/doc/tails/website/doc/about/requirements.en.html\n\nTente
 reiniciar Tails para procurar por atualizações novamente\n\nOu faça a 
atualização manualmente\nConsulte 
https://tails.boum.org/doc/first_steps/upgrade#manual\";
 
 #: config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper:72
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:27

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit 0dcb7ae0fbea2a70e610fe289c5073b050e26c5a
Author: Translation commit bot 
Date:   Wed Mar 28 20:16:38 2018 +

Update translations for tails-misc
---
 pt_BR.po | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 15e83cb74..6221a6316 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 19:44+\n"
+"PO-Revision-Date: 2018-03-28 20:12+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -59,14 +59,14 @@ msgstr "Ajude a consertar o erro que você 
encontrou!\nLeia not anonymous.\\nOnly "
 "use the Unsafe Browser if necessary, for example\\nif you have to login or "
 "register to activate your Internet connection."
-msgstr "A atividade de rede no Navegador é não é anônima.\\nUse o 
Navegador somente se for necessário, por exemplo\\nse você tiver de fazer 
login ou registrar para ativar asua conexão de Internet.."
+msgstr "A atividade de rede no Navegador não é anônima.\\nUse o 
Navegador Sem Segurança somente se for necessário, por exemplo\\nse você 
tiver de fazer login ou registrar-se para ativar a sua conexão de Internet."
 
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:51
 msgid "Starting the Unsafe Browser..."

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit 3f7716f52d242294cd557e641dece2a21c4a58bf
Author: Translation commit bot 
Date:   Wed Mar 28 19:46:41 2018 +

Update translations for tails-misc
---
 pt_BR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 882496869..15e83cb74 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 14:01+\n"
+"PO-Revision-Date: 2018-03-28 19:44+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -162,7 +162,7 @@ msgid ""
 "The upgrade failed. This might be due to a network problem. Please check "
 "your network connection, try to restart Tails, or read the system log to "
 "understand better the problem."
-msgstr "A atualização falhou. Isto pode ser devido a um problema de rede. 
Por favor, verifique a sua conexão de rede, tente reiniciar o Tails ou leia o 
registro do sistema para compreender melhor o problema."
+msgstr "A atualização falhou. Isso pode ser devido a um problema de rede. 
Por favor, verifique a sua conexão de rede, tente reiniciar Tails ou leia o 
registro do sistema para compreender melhor o problema."
 
 #: config/chroot_local-includes/usr/local/lib/tails-htp-notify-user:52
 msgid "Synchronizing the system's clock"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make check-changes pass on changes/bug25398

[nickm]

commit 99641c93ce84f2e013c3dc2d96e368456b0ab930
Author: Nick Mathewson 
Date:   Wed Mar 28 14:48:36 2018 -0400

Make check-changes pass on changes/bug25398
---
 changes/bug25398 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/changes/bug25398 b/changes/bug25398
index 5f3fd7f5e..3ea69c5b1 100644
--- a/changes/bug25398
+++ b/changes/bug25398
@@ -1,2 +1,3 @@
-  o Minor bugfixes (portability):
-- Remove uncompilable tor_mmap_file fallback. Fixes bug 25398.
+  o New system requirements:
+- Tor no longer compiles on systems without mmap() or some local
+  equivalent. Closes ticket 25398.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Clear all control.c flags on control_free_all()

[nickm]

commit 3519d0c8086edeade8d550f230caa3f95e4d2cdb
Author: Nick Mathewson 
Date:   Fri Mar 23 11:31:56 2018 -0400

Clear all control.c flags on control_free_all()

Fixes bug 25512.
---
 changes/bug25512 | 5 +
 src/or/control.c | 5 +
 2 files changed, 10 insertions(+)

diff --git a/changes/bug25512 b/changes/bug25512
new file mode 100644
index 0..4b6491867
--- /dev/null
+++ b/changes/bug25512
@@ -0,0 +1,5 @@
+  o Minor bugfixes (restart-in-process):
+- When shutting down, Tor now clears all the flags in the control.c
+  module. This should prevent a bug where authentication cookies
+  are not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
+
diff --git a/src/or/control.c b/src/or/control.c
index 7786e1648..edbc2f70f 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -7602,6 +7602,11 @@ control_free_all(void)
   bootstrap_percent = BOOTSTRAP_STATUS_UNDEF;
   notice_bootstrap_percent = 0;
   bootstrap_problems = 0;
+  authentication_cookie_is_set = 0;
+  global_event_mask = 0;
+  disable_log_messages = 0;
+  memset(last_sent_bootstrap_message, 0, sizeof(last_sent_bootstrap_message));
+  flush_queued_event_pending = 0;
 }
 
 #ifdef TOR_UNIT_TESTS



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug25512'

[nickm]

commit 4c0e434f33d937f43b49dc707718d73e5aea23b7
Merge: cb083b5d3 3519d0c80
Author: Nick Mathewson 
Date:   Wed Mar 28 14:45:47 2018 -0400

Merge remote-tracking branch 'public/bug25512'

 changes/bug25512 | 5 +
 src/or/control.c | 5 +
 2 files changed, 10 insertions(+)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Remove uncompilable tor_mmap_file fallback. #25398

[nickm]

commit 45d3b5fa4cd1ee2bdcbefcf5a33073b301733e46
Author: Alex Xu (Hello71) 
Date:   Fri Mar 2 09:49:35 2018 -0500

Remove uncompilable tor_mmap_file fallback. #25398
---
 changes/bug25398|  2 ++
 src/common/compat.c | 36 ++--
 2 files changed, 4 insertions(+), 34 deletions(-)

diff --git a/changes/bug25398 b/changes/bug25398
new file mode 100644
index 0..5f3fd7f5e
--- /dev/null
+++ b/changes/bug25398
@@ -0,0 +1,2 @@
+  o Minor bugfixes (portability):
+- Remove uncompilable tor_mmap_file fallback. Fixes bug 25398.
diff --git a/src/common/compat.c b/src/common/compat.c
index e8916c8d1..9457b8289 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -417,40 +417,8 @@ tor_munmap_file(tor_mmap_t *handle)
   return 0;
 }
 #else
-tor_mmap_t *
-tor_mmap_file(const char *filename)
-{
-  struct stat st;
-  char *res = read_file_to_str(filename, RFTS_BIN|RFTS_IGNORE_MISSING, );
-  tor_mmap_t *handle;
-  if (! res)
-return NULL;
-  handle = tor_malloc_zero(sizeof(tor_mmap_t));
-  handle->data = res;
-  handle->size = st.st_size;
-  return handle;
-}
-
-/** Unmap the file mapped with tor_mmap_file(), and return 0 for success
- * or -1 for failure.
- */
-
-int
-tor_munmap_file(tor_mmap_t *handle)
-{
-  char *d = NULL;
-  if (handle == NULL)
-return 0;
-
-  d = (char*)handle->data;
-  tor_free(d);
-  memwipe(handle, 0, sizeof(tor_mmap_t));
-  tor_free(handle);
-
-  /* Can't fail in this mmap()/munmap()-free case */
-  return 0;
-}
-#endif /* defined(COMPAT_HAS_MMAN_AND_PAGESIZE) || ... || ... */
+#error "cannot implement tor_mmap_file"
+#endif /* defined(HAVE_MMAP) || ... || ... */
 
 /** Replacement for snprintf.  Differs from platform snprintf in two
  * ways: First, always NUL-terminates its output.  Second, always



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'hello71/bug25398'

[nickm]

commit 2f872f9762128228e98f74bf7cb53aed54aee088
Merge: 4c0e434f3 45d3b5fa4
Author: Nick Mathewson 
Date:   Wed Mar 28 14:47:05 2018 -0400

Merge remote-tracking branch 'hello71/bug25398'

 changes/bug25398|  2 ++
 src/common/compat.c | 36 ++--
 2 files changed, 4 insertions(+), 34 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'asn-github/t-25432'

[nickm]

commit cb083b5d3e21307b2dd762a1e891b71a9bd69eda
Merge: 794a25f8c 216bc353d
Author: Nick Mathewson 
Date:   Wed Mar 28 14:43:33 2018 -0400

Merge remote-tracking branch 'asn-github/t-25432'

 changes/ticket25432 |   6 +++
 src/or/dirserv.c|   4 +-
 src/or/or.h |   4 +-
 src/or/router.c | 104 
 src/or/router.h |  18 -
 5 files changed, 49 insertions(+), 87 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] fixup! Refactor: suppress duplicated functions from router.c and encapsulate NODE_DESC_BUF_LEN constant.

[nickm]

commit 216bc353d3c724e8348408800f389c0c76c2bbc6
Author: George Kadianakis 
Date:   Sun Mar 25 20:13:00 2018 +0300

fixup! Refactor: suppress duplicated functions from router.c and 
encapsulate NODE_DESC_BUF_LEN constant.
---
 changes/ticket25432 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/changes/ticket25432 b/changes/ticket25432
index 2179770f6..21ca20134 100644
--- a/changes/ticket25432
+++ b/changes/ticket25432
@@ -1,6 +1,6 @@
   o Code simplification and refactoring:
 - Merge functions used for describing nodes and suppress the functions
   that do not allocate memory for the output buffer string.
-- NODE_DESC_BUF_LEN constant and format_node_description() function
+  NODE_DESC_BUF_LEN constant and format_node_description() function
   cannot be used externally from router.c module anymore.
-- Closes ticket 25432. Patch by valentecaio.
+  Closes ticket 25432. Patch by valentecaio.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Refactor: suppress duplicated functions from router.c and encapsulate NODE_DESC_BUF_LEN constant.

[nickm]

commit 8775c93a996fd864b1747c04eebe51534425ff51
Author: Caio Valente 
Date:   Tue Mar 6 20:42:32 2018 +0100

Refactor: suppress duplicated functions from router.c and encapsulate 
NODE_DESC_BUF_LEN constant.

Also encapsulates format_node_description().

Closes ticket 25432.
---
 changes/ticket25432 |   6 +++
 src/or/dirserv.c|   4 +-
 src/or/or.h |   4 +-
 src/or/router.c | 104 
 src/or/router.h |  18 -
 5 files changed, 49 insertions(+), 87 deletions(-)

diff --git a/changes/ticket25432 b/changes/ticket25432
new file mode 100644
index 0..2179770f6
--- /dev/null
+++ b/changes/ticket25432
@@ -0,0 +1,6 @@
+  o Code simplification and refactoring:
+- Merge functions used for describing nodes and suppress the functions
+  that do not allocate memory for the output buffer string.
+- NODE_DESC_BUF_LEN constant and format_node_description() function
+  cannot be used externally from router.c module anymore.
+- Closes ticket 25432. Patch by valentecaio.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 7a693b9d4..7dae5ee9d 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -858,13 +858,13 @@ directory_remove_invalid(void)
 
   SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
 const char *msg = NULL;
+const char *description;
 routerinfo_t *ent = node->ri;
-char description[NODE_DESC_BUF_LEN];
 uint32_t r;
 if (!ent)
   continue;
 r = dirserv_router_get_status(ent, , LOG_INFO);
-router_get_description(description, ent);
+description = router_describe(ent);
 if (r & FP_REJECT) {
   log_info(LD_DIRSERV, "Router %s is now rejected: %s",
description, msg?msg:"");
diff --git a/src/or/or.h b/src/or/or.h
index 045cdd9e1..ecee534fe 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2343,10 +2343,10 @@ typedef struct routerstatus_t {
* If it's a descriptor, we only use the first DIGEST_LEN bytes. */
   char descriptor_digest[DIGEST256_LEN];
   uint32_t addr; /**< IPv4 address for this router, in host order. */
-  uint16_t or_port; /**< OR port for this router. */
+  uint16_t or_port; /**< IPv4 OR port for this router. */
   uint16_t dir_port; /**< Directory port for this router. */
   tor_addr_t ipv6_addr; /**< IPv6 address for this router. */
-  uint16_t ipv6_orport; /**k.  Does not affect
  * lastonionkey; to update lastonionkey correctly, call rotate_onion_key().
  */
@@ -3453,6 +3460,15 @@ is_legal_hexdigest(const char *s)
   strspn(s,HEX_CHARACTERS)==HEX_DIGEST_LEN);
 }
 
+/**
+ * Longest allowed output of format_node_description, plus 1 character for
+ * NUL.  This allows space for:
+ * "$~xxx at"
+ * " [::::::255.255.255.255]"
+ * plus a terminating NUL.
+ */
+#define NODE_DESC_BUF_LEN (MAX_VERBOSE_NICKNAME_LEN+4+TOR_ADDR_BUF_LEN)
+
 /** Use buf (which must be at least NODE_DESC_BUF_LEN bytes long) to
  * hold a human-readable description of a node with identity digest
  * id_digest, named-status is_named, nickname nickname,
@@ -3498,15 +3514,16 @@ format_node_description(char *buf,
   return buf;
 }
 
-/** Use buf (which must be at least NODE_DESC_BUF_LEN bytes long) to
- * hold a human-readable description of ri.
- *
+/** Return a human-readable description of the routerinfo_t ri.
  *
- * Return a pointer to the front of buf.
+ * This function is not thread-safe.  Each call to this function invalidates
+ * previous values returned by this function.
  */
 const char *
-router_get_description(char *buf, const routerinfo_t *ri)
+router_describe(const routerinfo_t *ri)
 {
+  static char buf[NODE_DESC_BUF_LEN];
+
   if (!ri)
 return "";
   return format_node_description(buf,
@@ -3517,14 +3534,15 @@ router_get_description(char *buf, const routerinfo_t 
*ri)
  ri->addr);
 }
 
-/** Use buf (which must be at least NODE_DESC_BUF_LEN bytes long) to
- * hold a human-readable description of node.
+/** Return a human-readable description of the node_t node.
  *
- * Return a pointer to the front of buf.
+ * This function is not thread-safe.  Each call to this function invalidates
+ * previous values returned by this function.
  */
 const char *
-node_get_description(char *buf, const node_t *node)
+node_describe(const node_t *node)
 {
+  static char buf[NODE_DESC_BUF_LEN];
   const char *nickname = NULL;
   uint32_t addr32h = 0;
   int is_named = 0;
@@ -3549,14 +3567,16 @@ node_get_description(char *buf, const node_t *node)
  addr32h);
 }
 
-/** Use buf (which must be at least NODE_DESC_BUF_LEN bytes long) to
- * hold a human-readable description of rs.
+/** Return a human-readable description of the routerstatus_t rs.
  *
- * Return a pointer to the front of buf.
+ * This function is not thread-safe.  Each call to this function invalidates
+ * previous 

[tor-commits] [tor/release-0.3.3] relay: Avoid connecting to down relays

[nickm]

commit f29d158330a8c6bcc91b71a888db741766135aaf
Author: David Goulet 
Date:   Tue Feb 6 15:40:17 2018 -0500

relay: Avoid connecting to down relays

If we failed to connect at the TCP level to a relay, note it down and refuse
to connect again for another 60 seconds.

Fixes #24767

Signed-off-by: David Goulet 
---
 changes/bug24767   |   5 ++
 src/or/connection_or.c | 224 +
 2 files changed, 229 insertions(+)

diff --git a/changes/bug24767 b/changes/bug24767
new file mode 100644
index 0..56fbe51a9
--- /dev/null
+++ b/changes/bug24767
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay, connection):
+- Refuse to connect again to a relay from which we failed previously with
+  a connection refused, timeout or error (at the TCP level). The relay
+  won't be retried for 60 seconds after the failure occured. Fixes bug
+  24767; bugfix on 0.0.6.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 272a086a3..976889ad0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1122,6 +1122,216 @@ connection_or_group_set_badness_(smartlist_t *group, 
int force)
   } SMARTLIST_FOREACH_END(or_conn);
 }
 
+/* Lifetime of a connection failure. After that, we'll retry. This is in
+ * seconds. */
+#define OR_CONNECT_FAILURE_LIFETIME 60
+/* The interval to use with when to clean up the failure cache. */
+#define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
+
+/* When is the next time we have to cleanup the failure map. We keep this
+ * because we clean it opportunistically. */
+static time_t or_connect_failure_map_next_cleanup_ts = 0;
+
+/* OR connection failure entry data structure. It is kept in the connection
+ * failure map defined below and indexed by OR identity digest, address and
+ * port.
+ *
+ * We need to identify a connection failure with these three values because we
+ * want to avoid to wrongfully blacklist a relay if someone is trying to
+ * extend to a known identity digest but with the wrong IP/port. For instance,
+ * it can happen if a relay changed its port but the client still has an old
+ * descriptor with the old port. We want to stop connecting to that
+ * IP/port/identity all together, not only the relay identity. */
+typedef struct or_connect_failure_entry_t {
+  HT_ENTRY(or_connect_failure_entry_t) node;
+  /* Identity digest of the connection where it is connecting to. */
+  uint8_t identity_digest[DIGEST_LEN];
+  /* This is the connection address from the base connection_t. After the
+   * connection is checked for canonicity, the base address should represent
+   * what we know instead of where we are connecting to. This is what we need
+   * so we can correlate known relays within the consensus. */
+  tor_addr_t addr;
+  uint16_t port;
+  /* Last time we were unable to connect. */
+  time_t last_failed_connect_ts;
+} or_connect_failure_entry_t;
+
+/* Map where we keep connection failure entries. They are indexed by addr,
+ * port and identity digest. */
+static HT_HEAD(or_connect_failure_ht, or_connect_failure_entry_t)
+   or_connect_failures_map = HT_INITIALIZER();
+
+/* Helper: Hashtable equal function. Return 1 if equal else 0. */
+static int
+or_connect_failure_ht_eq(const or_connect_failure_entry_t *a,
+ const or_connect_failure_entry_t *b)
+{
+  return fast_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN) &&
+ tor_addr_eq(>addr, >addr) &&
+ a->port == b->port;
+}
+
+/* Helper: Return the hash for the hashtable of the given entry. For this
+ * table, it is a combination of address, port and identity digest. */
+static unsigned int
+or_connect_failure_ht_hash(const or_connect_failure_entry_t *entry)
+{
+  size_t offset = 0, addr_size;
+  const void *addr_ptr;
+  /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
+  uint8_t data[16 + sizeof(uint16_t) + DIGEST_LEN];
+
+  /* Get the right address bytes depending on the family. */
+  switch (tor_addr_family(>addr)) {
+  case AF_INET:
+addr_size = 4;
+addr_ptr = >addr.addr.in_addr.s_addr;
+break;
+  case AF_INET6:
+addr_size = 16;
+addr_ptr = >addr.addr.in6_addr.s6_addr;
+break;
+  default:
+tor_assert_nonfatal_unreached();
+return 0;
+  }
+
+  memcpy(data, addr_ptr, addr_size);
+  offset += addr_size;
+  memcpy(data + offset, entry->identity_digest, DIGEST_LEN);
+  offset += DIGEST_LEN;
+  set_uint16(data + offset, entry->port);
+  offset += sizeof(uint16_t);
+
+  return (unsigned int) siphash24g(data, offset);
+}
+
+HT_PROTOTYPE(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq)
+
+HT_GENERATE2(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq,
+ 0.6, tor_reallocarray_, tor_free_)
+
+/* Initialize a given connect failure entry 

[tor-commits] [tor/release-0.3.3] test: Add unittest for the OR connection failure cache

[nickm]

commit ab16f1e2a10ee1b95118ec266ba454697e9af012
Author: George Kadianakis 
Date:   Wed Feb 14 13:40:42 2018 +0200

test: Add unittest for the OR connection failure cache

Signed-off-by: David Goulet 
---
 src/or/connection_or.c |  5 ++-
 src/or/connection_or.h |  5 +++
 src/or/nodelist.c  |  4 +-
 src/or/nodelist.h  |  2 +-
 src/test/test_connection.c | 97 ++
 5 files changed, 108 insertions(+), 5 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 976889ad0..267463312 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -28,6 +28,7 @@
  * part of a subclass (channel_tls_t).
  */
 #define TOR_CHANNEL_INTERNAL_
+#define CONNECTION_OR_PRIVATE
 #include "channel.h"
 #include "channeltls.h"
 #include "circuitbuild.h"
@@ -1255,7 +1256,7 @@ or_connect_failure_find(const or_connection_t *or_conn)
 
 /* Note down in the connection failure cache that a failure occurred on the
  * given or_conn. */
-static void
+STATIC void
 note_or_connect_failed(const or_connection_t *or_conn)
 {
   or_connect_failure_entry_t *ocf = NULL;
@@ -1294,7 +1295,7 @@ or_connect_failure_map_cleanup(time_t cutoff)
  *
  * The or_conn MUST have gone through connection_or_check_canonicity() so the
  * base address is properly set to what we know or doesn't know. */
-static int
+STATIC int
 should_connect_to_relay(const or_connection_t *or_conn)
 {
   time_t now, cutoff;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 7c1dced63..158eb1fda 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -120,6 +120,11 @@ int connection_or_single_set_badness_(time_t now,
   int force);
 void connection_or_group_set_badness_(smartlist_t *group, int force);
 
+#ifdef CONNECTION_OR_PRIVATE
+STATIC int should_connect_to_relay(const or_connection_t *or_conn);
+STATIC void note_or_connect_failed(const or_connection_t *or_conn);
+#endif
+
 #ifdef TOR_UNIT_TESTS
 extern int certs_cell_ed25519_disabled_for_testing;
 #endif
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 391b31d68..7303539c8 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -161,8 +161,8 @@ init_nodelist(void)
 }
 
 /** As node_get_by_id, but returns a non-const pointer */
-node_t *
-node_get_mutable_by_id(const char *identity_digest)
+MOCK_IMPL(node_t *,
+node_get_mutable_by_id,(const char *identity_digest))
 {
   node_t search, *node;
   if (PREDICT_UNLIKELY(the_nodelist == NULL))
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index dc20eaf0a..043d7b341 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -16,7 +16,7 @@
 tor_assert((n)->ri || (n)->rs); \
   } STMT_END
 
-node_t *node_get_mutable_by_id(const char *identity_digest);
+MOCK_DECL(node_t *, node_get_mutable_by_id,(const char *identity_digest));
 MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
 node_t *node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id);
 MOCK_DECL(const node_t *, node_get_by_ed25519_id,
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index 33f453b8b..dc0f6860d 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -5,6 +5,7 @@
 
 #define CONNECTION_PRIVATE
 #define MAIN_PRIVATE
+#define CONNECTION_OR_PRIVATE
 
 #include "or.h"
 #include "test.h"
@@ -13,9 +14,11 @@
 #include "hs_common.h"
 #include "main.h"
 #include "microdesc.h"
+#include "nodelist.h"
 #include "networkstatus.h"
 #include "rendcache.h"
 #include "directory.h"
+#include "connection_or.h"
 
 #include "test_connection.h"
 #include "test_helpers.h"
@@ -776,6 +779,99 @@ test_conn_download_status(void *arg)
   /* the teardown function removes all the connections in the global list*/;
 }
 
+static node_t test_node;
+
+static node_t *
+mock_node_get_mutable_by_id(const char *digest)
+{
+  (void) digest;
+  static routerinfo_t node_ri;
+  memset(_ri, 0, sizeof(node_ri));
+
+  test_node.ri = _ri;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+
+  tor_addr_t ipv4_addr;
+  tor_addr_parse(_addr, "18.0.0.1");
+  node_ri.addr = tor_addr_to_ipv4h(_addr);
+  node_ri.or_port = 1;
+
+  return _node;
+}
+
+static const node_t *
+mock_node_get_by_id(const char *digest)
+{
+  (void) digest;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+  return _node;
+}
+
+/* Test whether we correctly track failed connections between relays. */
+static void
+test_failed_orconn_tracker(void *arg)
+{
+  (void) arg;
+
+  int can_connect;
+  time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+  (void) now;
+
+  update_approx_time(now);
+
+  /* Prepare the OR connection that will be used in this test */
+  or_connection_t or_conn;
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.real_addr, "18.0.0.1"));
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.base_.addr, "18.0.0.1"));
+  

[tor-commits] [tor/master] test: Add unittest for the OR connection failure cache

[nickm]

commit ab16f1e2a10ee1b95118ec266ba454697e9af012
Author: George Kadianakis 
Date:   Wed Feb 14 13:40:42 2018 +0200

test: Add unittest for the OR connection failure cache

Signed-off-by: David Goulet 
---
 src/or/connection_or.c |  5 ++-
 src/or/connection_or.h |  5 +++
 src/or/nodelist.c  |  4 +-
 src/or/nodelist.h  |  2 +-
 src/test/test_connection.c | 97 ++
 5 files changed, 108 insertions(+), 5 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 976889ad0..267463312 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -28,6 +28,7 @@
  * part of a subclass (channel_tls_t).
  */
 #define TOR_CHANNEL_INTERNAL_
+#define CONNECTION_OR_PRIVATE
 #include "channel.h"
 #include "channeltls.h"
 #include "circuitbuild.h"
@@ -1255,7 +1256,7 @@ or_connect_failure_find(const or_connection_t *or_conn)
 
 /* Note down in the connection failure cache that a failure occurred on the
  * given or_conn. */
-static void
+STATIC void
 note_or_connect_failed(const or_connection_t *or_conn)
 {
   or_connect_failure_entry_t *ocf = NULL;
@@ -1294,7 +1295,7 @@ or_connect_failure_map_cleanup(time_t cutoff)
  *
  * The or_conn MUST have gone through connection_or_check_canonicity() so the
  * base address is properly set to what we know or doesn't know. */
-static int
+STATIC int
 should_connect_to_relay(const or_connection_t *or_conn)
 {
   time_t now, cutoff;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 7c1dced63..158eb1fda 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -120,6 +120,11 @@ int connection_or_single_set_badness_(time_t now,
   int force);
 void connection_or_group_set_badness_(smartlist_t *group, int force);
 
+#ifdef CONNECTION_OR_PRIVATE
+STATIC int should_connect_to_relay(const or_connection_t *or_conn);
+STATIC void note_or_connect_failed(const or_connection_t *or_conn);
+#endif
+
 #ifdef TOR_UNIT_TESTS
 extern int certs_cell_ed25519_disabled_for_testing;
 #endif
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 391b31d68..7303539c8 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -161,8 +161,8 @@ init_nodelist(void)
 }
 
 /** As node_get_by_id, but returns a non-const pointer */
-node_t *
-node_get_mutable_by_id(const char *identity_digest)
+MOCK_IMPL(node_t *,
+node_get_mutable_by_id,(const char *identity_digest))
 {
   node_t search, *node;
   if (PREDICT_UNLIKELY(the_nodelist == NULL))
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index dc20eaf0a..043d7b341 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -16,7 +16,7 @@
 tor_assert((n)->ri || (n)->rs); \
   } STMT_END
 
-node_t *node_get_mutable_by_id(const char *identity_digest);
+MOCK_DECL(node_t *, node_get_mutable_by_id,(const char *identity_digest));
 MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
 node_t *node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id);
 MOCK_DECL(const node_t *, node_get_by_ed25519_id,
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index 33f453b8b..dc0f6860d 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -5,6 +5,7 @@
 
 #define CONNECTION_PRIVATE
 #define MAIN_PRIVATE
+#define CONNECTION_OR_PRIVATE
 
 #include "or.h"
 #include "test.h"
@@ -13,9 +14,11 @@
 #include "hs_common.h"
 #include "main.h"
 #include "microdesc.h"
+#include "nodelist.h"
 #include "networkstatus.h"
 #include "rendcache.h"
 #include "directory.h"
+#include "connection_or.h"
 
 #include "test_connection.h"
 #include "test_helpers.h"
@@ -776,6 +779,99 @@ test_conn_download_status(void *arg)
   /* the teardown function removes all the connections in the global list*/;
 }
 
+static node_t test_node;
+
+static node_t *
+mock_node_get_mutable_by_id(const char *digest)
+{
+  (void) digest;
+  static routerinfo_t node_ri;
+  memset(_ri, 0, sizeof(node_ri));
+
+  test_node.ri = _ri;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+
+  tor_addr_t ipv4_addr;
+  tor_addr_parse(_addr, "18.0.0.1");
+  node_ri.addr = tor_addr_to_ipv4h(_addr);
+  node_ri.or_port = 1;
+
+  return _node;
+}
+
+static const node_t *
+mock_node_get_by_id(const char *digest)
+{
+  (void) digest;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+  return _node;
+}
+
+/* Test whether we correctly track failed connections between relays. */
+static void
+test_failed_orconn_tracker(void *arg)
+{
+  (void) arg;
+
+  int can_connect;
+  time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+  (void) now;
+
+  update_approx_time(now);
+
+  /* Prepare the OR connection that will be used in this test */
+  or_connection_t or_conn;
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.real_addr, "18.0.0.1"));
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.base_.addr, "18.0.0.1"));
+  

[tor-commits] [tor/master] relay: Avoid connecting to down relays

[nickm]

commit f29d158330a8c6bcc91b71a888db741766135aaf
Author: David Goulet 
Date:   Tue Feb 6 15:40:17 2018 -0500

relay: Avoid connecting to down relays

If we failed to connect at the TCP level to a relay, note it down and refuse
to connect again for another 60 seconds.

Fixes #24767

Signed-off-by: David Goulet 
---
 changes/bug24767   |   5 ++
 src/or/connection_or.c | 224 +
 2 files changed, 229 insertions(+)

diff --git a/changes/bug24767 b/changes/bug24767
new file mode 100644
index 0..56fbe51a9
--- /dev/null
+++ b/changes/bug24767
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay, connection):
+- Refuse to connect again to a relay from which we failed previously with
+  a connection refused, timeout or error (at the TCP level). The relay
+  won't be retried for 60 seconds after the failure occured. Fixes bug
+  24767; bugfix on 0.0.6.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 272a086a3..976889ad0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1122,6 +1122,216 @@ connection_or_group_set_badness_(smartlist_t *group, 
int force)
   } SMARTLIST_FOREACH_END(or_conn);
 }
 
+/* Lifetime of a connection failure. After that, we'll retry. This is in
+ * seconds. */
+#define OR_CONNECT_FAILURE_LIFETIME 60
+/* The interval to use with when to clean up the failure cache. */
+#define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
+
+/* When is the next time we have to cleanup the failure map. We keep this
+ * because we clean it opportunistically. */
+static time_t or_connect_failure_map_next_cleanup_ts = 0;
+
+/* OR connection failure entry data structure. It is kept in the connection
+ * failure map defined below and indexed by OR identity digest, address and
+ * port.
+ *
+ * We need to identify a connection failure with these three values because we
+ * want to avoid to wrongfully blacklist a relay if someone is trying to
+ * extend to a known identity digest but with the wrong IP/port. For instance,
+ * it can happen if a relay changed its port but the client still has an old
+ * descriptor with the old port. We want to stop connecting to that
+ * IP/port/identity all together, not only the relay identity. */
+typedef struct or_connect_failure_entry_t {
+  HT_ENTRY(or_connect_failure_entry_t) node;
+  /* Identity digest of the connection where it is connecting to. */
+  uint8_t identity_digest[DIGEST_LEN];
+  /* This is the connection address from the base connection_t. After the
+   * connection is checked for canonicity, the base address should represent
+   * what we know instead of where we are connecting to. This is what we need
+   * so we can correlate known relays within the consensus. */
+  tor_addr_t addr;
+  uint16_t port;
+  /* Last time we were unable to connect. */
+  time_t last_failed_connect_ts;
+} or_connect_failure_entry_t;
+
+/* Map where we keep connection failure entries. They are indexed by addr,
+ * port and identity digest. */
+static HT_HEAD(or_connect_failure_ht, or_connect_failure_entry_t)
+   or_connect_failures_map = HT_INITIALIZER();
+
+/* Helper: Hashtable equal function. Return 1 if equal else 0. */
+static int
+or_connect_failure_ht_eq(const or_connect_failure_entry_t *a,
+ const or_connect_failure_entry_t *b)
+{
+  return fast_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN) &&
+ tor_addr_eq(>addr, >addr) &&
+ a->port == b->port;
+}
+
+/* Helper: Return the hash for the hashtable of the given entry. For this
+ * table, it is a combination of address, port and identity digest. */
+static unsigned int
+or_connect_failure_ht_hash(const or_connect_failure_entry_t *entry)
+{
+  size_t offset = 0, addr_size;
+  const void *addr_ptr;
+  /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
+  uint8_t data[16 + sizeof(uint16_t) + DIGEST_LEN];
+
+  /* Get the right address bytes depending on the family. */
+  switch (tor_addr_family(>addr)) {
+  case AF_INET:
+addr_size = 4;
+addr_ptr = >addr.addr.in_addr.s_addr;
+break;
+  case AF_INET6:
+addr_size = 16;
+addr_ptr = >addr.addr.in6_addr.s6_addr;
+break;
+  default:
+tor_assert_nonfatal_unreached();
+return 0;
+  }
+
+  memcpy(data, addr_ptr, addr_size);
+  offset += addr_size;
+  memcpy(data + offset, entry->identity_digest, DIGEST_LEN);
+  offset += DIGEST_LEN;
+  set_uint16(data + offset, entry->port);
+  offset += sizeof(uint16_t);
+
+  return (unsigned int) siphash24g(data, offset);
+}
+
+HT_PROTOTYPE(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq)
+
+HT_GENERATE2(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq,
+ 0.6, tor_reallocarray_, tor_free_)
+
+/* Initialize a given connect failure entry 

[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3

[nickm]

commit 2504c2d4ae5b5f37be35b95c20dc0ee40dd3c3cd
Merge: e31487b4e e0bbef48b
Author: Nick Mathewson 
Date:   Wed Mar 28 14:23:06 2018 -0400

Merge branch 'maint-0.3.3' into release-0.3.3

 changes/bug24767   |   5 +
 src/or/connection_or.c | 225 +
 src/or/connection_or.h |   5 +
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   2 +-
 src/test/test_connection.c |  97 +++
 6 files changed, 335 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

[nickm]

commit e0bbef48bf414574a9e1342accfd2fe0d2a5343e
Merge: 3cc382b93 ab16f1e2a
Author: Nick Mathewson 
Date:   Wed Mar 28 14:21:04 2018 -0400

Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

 changes/bug24767   |   5 +
 src/or/connection_or.c | 225 +
 src/or/connection_or.h |   5 +
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   2 +-
 src/test/test_connection.c |  97 +++
 6 files changed, 335 insertions(+), 3 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] relay: Avoid connecting to down relays

[nickm]

commit f29d158330a8c6bcc91b71a888db741766135aaf
Author: David Goulet 
Date:   Tue Feb 6 15:40:17 2018 -0500

relay: Avoid connecting to down relays

If we failed to connect at the TCP level to a relay, note it down and refuse
to connect again for another 60 seconds.

Fixes #24767

Signed-off-by: David Goulet 
---
 changes/bug24767   |   5 ++
 src/or/connection_or.c | 224 +
 2 files changed, 229 insertions(+)

diff --git a/changes/bug24767 b/changes/bug24767
new file mode 100644
index 0..56fbe51a9
--- /dev/null
+++ b/changes/bug24767
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay, connection):
+- Refuse to connect again to a relay from which we failed previously with
+  a connection refused, timeout or error (at the TCP level). The relay
+  won't be retried for 60 seconds after the failure occured. Fixes bug
+  24767; bugfix on 0.0.6.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 272a086a3..976889ad0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1122,6 +1122,216 @@ connection_or_group_set_badness_(smartlist_t *group, 
int force)
   } SMARTLIST_FOREACH_END(or_conn);
 }
 
+/* Lifetime of a connection failure. After that, we'll retry. This is in
+ * seconds. */
+#define OR_CONNECT_FAILURE_LIFETIME 60
+/* The interval to use with when to clean up the failure cache. */
+#define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
+
+/* When is the next time we have to cleanup the failure map. We keep this
+ * because we clean it opportunistically. */
+static time_t or_connect_failure_map_next_cleanup_ts = 0;
+
+/* OR connection failure entry data structure. It is kept in the connection
+ * failure map defined below and indexed by OR identity digest, address and
+ * port.
+ *
+ * We need to identify a connection failure with these three values because we
+ * want to avoid to wrongfully blacklist a relay if someone is trying to
+ * extend to a known identity digest but with the wrong IP/port. For instance,
+ * it can happen if a relay changed its port but the client still has an old
+ * descriptor with the old port. We want to stop connecting to that
+ * IP/port/identity all together, not only the relay identity. */
+typedef struct or_connect_failure_entry_t {
+  HT_ENTRY(or_connect_failure_entry_t) node;
+  /* Identity digest of the connection where it is connecting to. */
+  uint8_t identity_digest[DIGEST_LEN];
+  /* This is the connection address from the base connection_t. After the
+   * connection is checked for canonicity, the base address should represent
+   * what we know instead of where we are connecting to. This is what we need
+   * so we can correlate known relays within the consensus. */
+  tor_addr_t addr;
+  uint16_t port;
+  /* Last time we were unable to connect. */
+  time_t last_failed_connect_ts;
+} or_connect_failure_entry_t;
+
+/* Map where we keep connection failure entries. They are indexed by addr,
+ * port and identity digest. */
+static HT_HEAD(or_connect_failure_ht, or_connect_failure_entry_t)
+   or_connect_failures_map = HT_INITIALIZER();
+
+/* Helper: Hashtable equal function. Return 1 if equal else 0. */
+static int
+or_connect_failure_ht_eq(const or_connect_failure_entry_t *a,
+ const or_connect_failure_entry_t *b)
+{
+  return fast_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN) &&
+ tor_addr_eq(>addr, >addr) &&
+ a->port == b->port;
+}
+
+/* Helper: Return the hash for the hashtable of the given entry. For this
+ * table, it is a combination of address, port and identity digest. */
+static unsigned int
+or_connect_failure_ht_hash(const or_connect_failure_entry_t *entry)
+{
+  size_t offset = 0, addr_size;
+  const void *addr_ptr;
+  /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
+  uint8_t data[16 + sizeof(uint16_t) + DIGEST_LEN];
+
+  /* Get the right address bytes depending on the family. */
+  switch (tor_addr_family(>addr)) {
+  case AF_INET:
+addr_size = 4;
+addr_ptr = >addr.addr.in_addr.s_addr;
+break;
+  case AF_INET6:
+addr_size = 16;
+addr_ptr = >addr.addr.in6_addr.s6_addr;
+break;
+  default:
+tor_assert_nonfatal_unreached();
+return 0;
+  }
+
+  memcpy(data, addr_ptr, addr_size);
+  offset += addr_size;
+  memcpy(data + offset, entry->identity_digest, DIGEST_LEN);
+  offset += DIGEST_LEN;
+  set_uint16(data + offset, entry->port);
+  offset += sizeof(uint16_t);
+
+  return (unsigned int) siphash24g(data, offset);
+}
+
+HT_PROTOTYPE(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq)
+
+HT_GENERATE2(or_connect_failure_ht, or_connect_failure_entry_t, node,
+ or_connect_failure_ht_hash, or_connect_failure_ht_eq,
+ 0.6, tor_reallocarray_, tor_free_)
+
+/* Initialize a given connect failure entry 

[tor-commits] [tor/master] Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

[nickm]

commit e0bbef48bf414574a9e1342accfd2fe0d2a5343e
Merge: 3cc382b93 ab16f1e2a
Author: Nick Mathewson 
Date:   Wed Mar 28 14:21:04 2018 -0400

Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

 changes/bug24767   |   5 +
 src/or/connection_or.c | 225 +
 src/or/connection_or.h |   5 +
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   2 +-
 src/test/test_connection.c |  97 +++
 6 files changed, 335 insertions(+), 3 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

[nickm]

commit e0bbef48bf414574a9e1342accfd2fe0d2a5343e
Merge: 3cc382b93 ab16f1e2a
Author: Nick Mathewson 
Date:   Wed Mar 28 14:21:04 2018 -0400

Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3

 changes/bug24767   |   5 +
 src/or/connection_or.c | 225 +
 src/or/connection_or.h |   5 +
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   2 +-
 src/test/test_connection.c |  97 +++
 6 files changed, 335 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] test: Add unittest for the OR connection failure cache

[nickm]

commit ab16f1e2a10ee1b95118ec266ba454697e9af012
Author: George Kadianakis 
Date:   Wed Feb 14 13:40:42 2018 +0200

test: Add unittest for the OR connection failure cache

Signed-off-by: David Goulet 
---
 src/or/connection_or.c |  5 ++-
 src/or/connection_or.h |  5 +++
 src/or/nodelist.c  |  4 +-
 src/or/nodelist.h  |  2 +-
 src/test/test_connection.c | 97 ++
 5 files changed, 108 insertions(+), 5 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 976889ad0..267463312 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -28,6 +28,7 @@
  * part of a subclass (channel_tls_t).
  */
 #define TOR_CHANNEL_INTERNAL_
+#define CONNECTION_OR_PRIVATE
 #include "channel.h"
 #include "channeltls.h"
 #include "circuitbuild.h"
@@ -1255,7 +1256,7 @@ or_connect_failure_find(const or_connection_t *or_conn)
 
 /* Note down in the connection failure cache that a failure occurred on the
  * given or_conn. */
-static void
+STATIC void
 note_or_connect_failed(const or_connection_t *or_conn)
 {
   or_connect_failure_entry_t *ocf = NULL;
@@ -1294,7 +1295,7 @@ or_connect_failure_map_cleanup(time_t cutoff)
  *
  * The or_conn MUST have gone through connection_or_check_canonicity() so the
  * base address is properly set to what we know or doesn't know. */
-static int
+STATIC int
 should_connect_to_relay(const or_connection_t *or_conn)
 {
   time_t now, cutoff;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 7c1dced63..158eb1fda 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -120,6 +120,11 @@ int connection_or_single_set_badness_(time_t now,
   int force);
 void connection_or_group_set_badness_(smartlist_t *group, int force);
 
+#ifdef CONNECTION_OR_PRIVATE
+STATIC int should_connect_to_relay(const or_connection_t *or_conn);
+STATIC void note_or_connect_failed(const or_connection_t *or_conn);
+#endif
+
 #ifdef TOR_UNIT_TESTS
 extern int certs_cell_ed25519_disabled_for_testing;
 #endif
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 391b31d68..7303539c8 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -161,8 +161,8 @@ init_nodelist(void)
 }
 
 /** As node_get_by_id, but returns a non-const pointer */
-node_t *
-node_get_mutable_by_id(const char *identity_digest)
+MOCK_IMPL(node_t *,
+node_get_mutable_by_id,(const char *identity_digest))
 {
   node_t search, *node;
   if (PREDICT_UNLIKELY(the_nodelist == NULL))
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index dc20eaf0a..043d7b341 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -16,7 +16,7 @@
 tor_assert((n)->ri || (n)->rs); \
   } STMT_END
 
-node_t *node_get_mutable_by_id(const char *identity_digest);
+MOCK_DECL(node_t *, node_get_mutable_by_id,(const char *identity_digest));
 MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
 node_t *node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id);
 MOCK_DECL(const node_t *, node_get_by_ed25519_id,
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index 33f453b8b..dc0f6860d 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -5,6 +5,7 @@
 
 #define CONNECTION_PRIVATE
 #define MAIN_PRIVATE
+#define CONNECTION_OR_PRIVATE
 
 #include "or.h"
 #include "test.h"
@@ -13,9 +14,11 @@
 #include "hs_common.h"
 #include "main.h"
 #include "microdesc.h"
+#include "nodelist.h"
 #include "networkstatus.h"
 #include "rendcache.h"
 #include "directory.h"
+#include "connection_or.h"
 
 #include "test_connection.h"
 #include "test_helpers.h"
@@ -776,6 +779,99 @@ test_conn_download_status(void *arg)
   /* the teardown function removes all the connections in the global list*/;
 }
 
+static node_t test_node;
+
+static node_t *
+mock_node_get_mutable_by_id(const char *digest)
+{
+  (void) digest;
+  static routerinfo_t node_ri;
+  memset(_ri, 0, sizeof(node_ri));
+
+  test_node.ri = _ri;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+
+  tor_addr_t ipv4_addr;
+  tor_addr_parse(_addr, "18.0.0.1");
+  node_ri.addr = tor_addr_to_ipv4h(_addr);
+  node_ri.or_port = 1;
+
+  return _node;
+}
+
+static const node_t *
+mock_node_get_by_id(const char *digest)
+{
+  (void) digest;
+  memset(test_node.identity, 'c', sizeof(test_node.identity));
+  return _node;
+}
+
+/* Test whether we correctly track failed connections between relays. */
+static void
+test_failed_orconn_tracker(void *arg)
+{
+  (void) arg;
+
+  int can_connect;
+  time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+  (void) now;
+
+  update_approx_time(now);
+
+  /* Prepare the OR connection that will be used in this test */
+  or_connection_t or_conn;
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.real_addr, "18.0.0.1"));
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.base_.addr, "18.0.0.1"));
+  

[tor-commits] [tor/master] Merge branch 'maint-0.3.3'

[nickm]

commit 794a25f8c11971cf71f472820c2d3cd6a0f29b94
Merge: a3c1d78c2 e0bbef48b
Author: Nick Mathewson 
Date:   Wed Mar 28 14:23:06 2018 -0400

Merge branch 'maint-0.3.3'

 changes/bug24767   |   5 +
 src/or/connection_or.c | 225 +
 src/or/connection_or.h |   5 +
 src/or/nodelist.c  |   4 +-
 src/or/nodelist.h  |   2 +-
 src/test/test_connection.c |  97 +++
 6 files changed, 335 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties

[translation]

commit bf9f0fd54c102703e6c1c1499301ce27f36f17c0
Author: Translation commit bot 
Date:   Wed Mar 28 16:16:24 2018 +

Update translations for tor-launcher-properties
---
 nb/torlauncher.properties | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nb/torlauncher.properties b/nb/torlauncher.properties
index 7e4a018e6..8e97a0dc1 100644
--- a/nb/torlauncher.properties
+++ b/nb/torlauncher.properties
@@ -32,10 +32,10 @@ torlauncher.error_bridge_bad_default_type=Det er ingen 
angitte broer som har til
 torlauncher.bridge_suffix.meek-amazon=(virker i Kina)
 torlauncher.bridge_suffix.meek-azure=(virker i Kina)
 
-torlauncher.request_a_bridge=Request a Bridge…
-torlauncher.request_a_new_bridge=Request a New Bridge…
+torlauncher.request_a_bridge=Forespør en bro…
+torlauncher.request_a_new_bridge=Forespør ny bro…
 torlauncher.contacting_bridgedb=Contacting BridgeDB. Please wait.
-torlauncher.captcha_prompt=Solve the CAPTCHA to request a bridge.
+torlauncher.captcha_prompt=Løs CAPTCHA-en for å forespørre en bro.
 torlauncher.bad_captcha_solution=The solution is not correct. Please try again.
 torlauncher.unable_to_get_bridge=Unable to obtain a bridge from BridgeDB.\n\n%S
 torlauncher.no_meek=This browser is not configured for meek, which is needed 
to obtain bridges.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] Update Tor Messenger activity status on volunteer page

[hiro]

commit 21f81f99eade9e633cc443a8f6d3b9459fb01745
Author: Sukhbir Singh 
Date:   Wed Mar 28 10:22:18 2018 -0400

Update Tor Messenger activity status on volunteer page

Signed-off-by: hiro 
---
 getinvolved/en/volunteer.wml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml
index 6d38a40f..22eeaa38 100644
--- a/getinvolved/en/volunteer.wml
+++ b/getinvolved/en/volunteer.wml
@@ -174,7 +174,7 @@ meetings around the world.
 Tor Messenger
 Bundle
 JavaScript, XUL, Scripting
-Heavy
+None
 arlolra, boklm, sukhe
   
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torbirdy/master] Update the ChangeLog

[sukhbir]

commit 670d3488f82acce67df4859d23bc6c4a23ee2907
Author: Sukhbir Singh 
Date:   Wed Mar 28 11:33:51 2018 -0400

Update the ChangeLog
---
 ChangeLog | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index d95c5d2..935e39d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 0.2.4, 
- * Update translations, adding all supported languages from Transifex
+ * Bug 22484: TB 52+ leaks installed dictionary
+ * Bug 22944: Disable fetching site icons
  * Added support for Thunderbird 58 and Thunderbird 59
+ * Update translations, adding all supported languages from Transifex
 
 0.2.3, 04 Aug 2017
  * Bug 21880: Enable encrypted email headers for Enigmail (Memory Hole)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torbirdy/master] Prevent leaking user's installed dictionary (Bug 22484)

[sukhbir]

commit 63fa6e508d5ed3218ca9f261a00347f0027b0913
Author: Sukhbir Singh 
Date:   Wed Mar 28 11:31:53 2018 -0400

Prevent leaking user's installed dictionary (Bug 22484)

Also set the Content-Language to "en-US" to prevent leaking the user's
default dictionary. Reported in https://bugs.torproject.org/22484 and
discussed in Section 4 of RFC 3282.  Thunderbird bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
---
 components/torbirdy.js | 20 +++-
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/components/torbirdy.js b/components/torbirdy.js
index bfe2427..e8d2cd2 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -391,12 +391,14 @@ var TorBirdyOldPrefs = [
   "network.proxy.http",
 ]
 
-// sanitizeDateHeaders()
-// Run this function to make sure that the Date header in a new message
-// is rounded down to the nearest minute.
-function sanitizeDateHeaders() {
+// sanitizeHeaders()
+// Sanitize the "Date" and "Content-Language" headers.
+function sanitizeHeaders() {
   // Import the jsmime module that is used to generate mail headers.
   let { jsmime } = Cu.import("resource:///modules/jsmime.jsm");
+  // Date
+  // Run this function to make sure that the Date header in a new message
+  // is rounded down to the nearest minute.
   // Inject our own structured encoder to the default header emitter,
   // to override the default Date encoder with a rounded-down version.
   jsmime.headeremitter.addStructuredEncoder("Date", function (date) {
@@ -410,6 +412,14 @@ function sanitizeDateHeaders() {
 // We replace the "GMT" symbol with "+" because it is preferred.
 this.addText(roundedDate.toUTCString().replace(/GMT$/, "+"), false);
   });
+  // Content-Language
+  // Also set the Content-Language to "en-US" to prevent leaking the user's
+  // default dictionary. Reported in https://bugs.torproject.org/22484 and
+  // discussed in Section 4 of RFC 3282.
+  // Thunderbird bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
+  jsmime.headeremitter.addStructuredEncoder("Content-Language", function 
(locale) {
+this.addText("en-US", false);
+  });
 }
 
 function TorBirdy() {
@@ -439,7 +449,7 @@ function TorBirdy() {
 
   this.setAccountPrefs();
   this.setPrefs();
-  sanitizeDateHeaders();
+  sanitizeHeaders();
 
 }
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Update news.json to version 247 of doc/MetricsTimeline.

[karsten]

commit b5f3e402159a7f5ed9d955aa83324343123f0cb1
Author: Karsten Loesing 
Date:   Wed Mar 28 17:17:43 2018 +0200

Update news.json to version 247 of doc/MetricsTimeline.
---
 src/main/resources/web/json/news.json | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/src/main/resources/web/json/news.json 
b/src/main/resources/web/json/news.json
index 2f72791..8081a2f 100644
--- a/src/main/resources/web/json/news.json
+++ b/src/main/resources/web/json/news.json
@@ -4515,6 +4515,24 @@
 ]
   },
   {
+"start": "2018-03-26",
+"protocols": [
+  "snowflake"
+],
+"shortDescription": "Release of Tor Browser 8.0a5",
+"description": "Release of Tor Browser 8.0a5. Improves snowflake client 
performance.",
+"links": [
+  {
+"label": "blog post",
+"target": "https://blog.torproject.org/tor-browser-80a5-released;
+  },
+  {
+"label": "ticket",
+"target": "https://bugs.torproject.org/21312;
+  }
+]
+  },
+  {
 "start": "2016-02-24",
 "places": [
   "tm"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Provide no-data pictures, pdfs, and csv files instead of server error.

[karsten]

commit 533225c4250490857b0ed3e31232914da725cc13
Author: iwakeh 
Date:   Sat Mar 24 09:31:08 2018 +

Provide no-data pictures, pdfs, and csv files instead of server error.

Implements task-25264.
---
 build.xml   |   1 +
 src/main/R/rserver/graphs.R |  20 
 .../torproject/metrics/web/RObjectGenerator.java|   7 ---
 src/main/resources/web/images/no-data-available.pdf | Bin 0 -> 33824 bytes
 src/main/resources/web/images/no-data-available.png | Bin 0 -> 26209 bytes
 src/main/resources/web/images/no-data-available.xcf | Bin 0 -> 104450 bytes
 6 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/build.xml b/build.xml
index 3b4222e..17160ee 100644
--- a/build.xml
+++ b/build.xml
@@ -504,6 +504,7 @@
 
   
   
+  
 
   
 
diff --git a/src/main/R/rserver/graphs.R b/src/main/R/rserver/graphs.R
index 57d2be2..332204b 100644
--- a/src/main/R/rserver/graphs.R
+++ b/src/main/R/rserver/graphs.R
@@ -328,6 +328,26 @@ stats_dir <- 
"/srv/metrics.torproject.org/metrics/shared/stats/"
 
 rdata_dir <- "/srv/metrics.torproject.org/metrics/shared/RData/"
 
+# Helper function that copies the appropriate no data object to filename.
+copy_no_data <- function(filename) {
+  len <- nchar(filename)
+  extension <- substr(filename, len - 3, len)
+  if (".csv" == extension) {
+write("# No data available for the given parameters.", file=filename)
+  } else {
+file.copy(paste(rdata_dir, "no-data-available", extension, sep = ""),
+  filename)
+  }
+}
+
+# Helper function wrapping calls into error handling.
+robust_call <- function(wrappee, filename) {
+  tryCatch(eval(wrappee), error = function(e) copy_no_data(filename),
+ finally = if (!file.exists(filename) || file.size(filename) == 0) {
+   copy_no_data(filename)
+   })
+}
+
 prepare_networksize <- function(start, end) {
   read.csv(paste(stats_dir, "servers.csv", sep = ""),
 colClasses = c("date" = "Date")) %>%
diff --git a/src/main/java/org/torproject/metrics/web/RObjectGenerator.java 
b/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
index 04bda0c..e3a2419 100644
--- a/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
+++ b/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
@@ -117,19 +117,20 @@ public class RObjectGenerator implements 
ServletContextListener {
 == null) {
   return null;
 }
-String function = this.availableGraphs.get(requestedGraph)
-.getFunction();
 Map checkedParameters = GraphParameterChecker
 .getInstance().checkParameters(requestedGraph, parameterMap);
 if (checkedParameters == null) {
   return null;
 }
 StringBuilder queryBuilder = new StringBuilder();
+queryBuilder.append("robust_call(as.call(list(");
 if ("csv".equalsIgnoreCase(fileType)) {
   queryBuilder.append("write_");
 } else {
   queryBuilder.append("plot_");
 }
+String function = this.availableGraphs.get(requestedGraph)
+.getFunction();
 queryBuilder.append(function).append("(");
 StringBuilder imageFilenameBuilder =
 new StringBuilder(requestedGraph);
@@ -154,7 +155,7 @@ public class RObjectGenerator implements 
ServletContextListener {
 }
 imageFilenameBuilder.append(".").append(fileType);
 String imageFilename = imageFilenameBuilder.toString();
-queryBuilder.append("path = '%s')");
+queryBuilder.append("path = '%1$s'))), '%1$s')");
 String query = queryBuilder.toString();
 File imageFile = new File(this.cachedGraphsDirectory + "/"
 + imageFilename);
diff --git a/src/main/resources/web/images/no-data-available.pdf 
b/src/main/resources/web/images/no-data-available.pdf
new file mode 100644
index 000..8c9ca25
Binary files /dev/null and 
b/src/main/resources/web/images/no-data-available.pdf differ
diff --git a/src/main/resources/web/images/no-data-available.png 
b/src/main/resources/web/images/no-data-available.png
new file mode 100644
index 000..36310ad
Binary files /dev/null and 
b/src/main/resources/web/images/no-data-available.png differ
diff --git a/src/main/resources/web/images/no-data-available.xcf 
b/src/main/resources/web/images/no-data-available.xcf
new file mode 100644
index 000..42a7170
Binary files /dev/null and 
b/src/main/resources/web/images/no-data-available.xcf differ



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Make generate-specs target optional.

[karsten]

commit ac10cec5a86dbbfd821bb6572636fe4cb23cbdde
Author: Karsten Loesing 
Date:   Wed Mar 28 16:41:19 2018 +0200

Make generate-specs target optional.

Without this change, `ant war` would not succeed, because it finds the
spec JSP files in two places with the same name, and that is not
allowed.
---
 build.xml | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/build.xml b/build.xml
index 0e05d12..3b4222e 100644
--- a/build.xml
+++ b/build.xml
@@ -151,7 +151,6 @@
 
 
 
-
 
 
-  
   
   
@@ -287,7 +283,7 @@
 
   
   



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Update to latest metrics-lib.

[karsten]

commit d85e4368a4d91846a1541aa1a72242bb001a5e3c
Author: Karsten Loesing 
Date:   Wed Mar 28 16:43:16 2018 +0200

Update to latest metrics-lib.
---
 src/submods/metrics-lib | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/submods/metrics-lib b/src/submods/metrics-lib
index 2e235ef..f826234 16
--- a/src/submods/metrics-lib
+++ b/src/submods/metrics-lib
@@ -1 +1 @@
-Subproject commit 2e235ef8f38aac679817fa8e8b9171aadb3d5b9d
+Subproject commit f826234e8064014487d871838e8074e83a142e42



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Use 'StringBuilder#append' consistently.

[karsten]

commit 03fc04edbd31490dcb1c31499c6ddce12a214328
Author: iwakeh 
Date:   Sat Mar 24 09:31:07 2018 +

Use 'StringBuilder#append' consistently.
---
 .../java/org/torproject/metrics/web/RObjectGenerator.java  | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/torproject/metrics/web/RObjectGenerator.java 
b/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
index 5d9b29c..04bda0c 100644
--- a/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
+++ b/src/main/java/org/torproject/metrics/web/RObjectGenerator.java
@@ -188,18 +188,18 @@ public class RObjectGenerator implements 
ServletContextListener {
   String parameterName = parameter.getKey();
   String[] parameterValues = parameter.getValue();
   for (String param : parameterValues) {
-tableFilenameBuilder.append("-" + param);
+tableFilenameBuilder.append("-").append(param);
   }
   if (parameterValues.length < 2) {
-queryBuilder.append(parameterName + " = '"
-+ parameterValues[0] + "', ");
+queryBuilder.append(parameterName).append(" = '")
+.append(parameterValues[0]).append("', ");
   } else {
-queryBuilder.append(parameterName + " = c(");
+queryBuilder.append(parameterName).append(" = c(");
 for (int i = 0; i < parameterValues.length - 1; i++) {
-  queryBuilder.append("'" + parameterValues[i] + "', ");
+  queryBuilder.append("'").append(parameterValues[i]).append("', ");
 }
-queryBuilder.append("'" + parameterValues[
-parameterValues.length - 1] + "'), ");
+queryBuilder.append("'").append(parameterValues[
+parameterValues.length - 1]).append("'), ");
   }
 }
 tableFilenameBuilder.append(".tbl");



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-greeter-2_completed] Update translations for tails-greeter-2_completed

[translation]

commit d32d6516bd7752dfa9b3bb25a27d9a0112c1b471
Author: Translation commit bot 
Date:   Wed Mar 28 14:19:50 2018 +

Update translations for tails-greeter-2_completed
---
 pt_BR/pt_BR.po | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt_BR/pt_BR.po b/pt_BR/pt_BR.po
index 997bfaca1..89edeee72 100644
--- a/pt_BR/pt_BR.po
+++ b/pt_BR/pt_BR.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-01-22 14:15+0100\n"
+"POT-Creation-Date: 2018-03-01 20:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: CRISTIANO MARQUES DOS SANTOS 
, 2016\n"
 "Language-Team: Portuguese (Brazil) 
(https://www.transifex.com/otf/teams/1519/pt_BR/)\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-greeter-2] Update translations for tails-greeter-2

[translation]

commit 49218b1cbd948691a502ca04b587d8cc295602c8
Author: Translation commit bot 
Date:   Wed Mar 28 14:19:45 2018 +

Update translations for tails-greeter-2
---
 pt_BR/pt_BR.po | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt_BR/pt_BR.po b/pt_BR/pt_BR.po
index 997bfaca1..89edeee72 100644
--- a/pt_BR/pt_BR.po
+++ b/pt_BR/pt_BR.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-01-22 14:15+0100\n"
+"POT-Creation-Date: 2018-03-01 20:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: CRISTIANO MARQUES DOS SANTOS 
, 2016\n"
 "Language-Team: Portuguese (Brazil) 
(https://www.transifex.com/otf/teams/1519/pt_BR/)\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit 371b4ff4c7015292fd021a4c74f092a8919826ad
Author: Translation commit bot 
Date:   Wed Mar 28 14:16:18 2018 +

Update translations for mat-gui
---
 pt_BR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index cec133090..8b86cbd25 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -17,7 +17,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2018-03-28 13:07+\n"
+"PO-Revision-Date: 2018-03-28 13:59+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -86,7 +86,7 @@ msgstr "Remover arquivo não suportado dos arquivos"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr "Remover arquivo não suportado (e como tal não anônimo) do arquivo 
de saída"
+msgstr "Remover documento sem suporte (e como tal não-anônimo) do arquivo 
produzido"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit ee3f056aeffc1a79c7672924a064c0b8a6054609
Author: Translation commit bot 
Date:   Wed Mar 28 14:16:51 2018 +

Update translations for tails-misc
---
 pt_BR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 25d7675d2..882496869 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 12:47+\n"
+"PO-Revision-Date: 2018-03-28 14:01+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -162,7 +162,7 @@ msgid ""
 "The upgrade failed. This might be due to a network problem. Please check "
 "your network connection, try to restart Tails, or read the system log to "
 "understand better the problem."
-msgstr "A atualização falhou. Isto pode ser devido a um problema de rede. 
Por favor, verifique a sua conexão de rede, tente reiniciar o Tails, ou leia o 
registro do sistema para compreender melhor o problema."
+msgstr "A atualização falhou. Isto pode ser devido a um problema de rede. 
Por favor, verifique a sua conexão de rede, tente reiniciar o Tails ou leia o 
registro do sistema para compreender melhor o problema."
 
 #: config/chroot_local-includes/usr/local/lib/tails-htp-notify-user:52
 msgid "Synchronizing the system's clock"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/liveusb-creator_completed] Update translations for liveusb-creator_completed

[translation]

commit 651c10b8cb0261d82f35dfdc4acac6eae298bfed
Author: Translation commit bot 
Date:   Wed Mar 28 14:15:54 2018 +

Update translations for liveusb-creator_completed
---
 pt_BR/pt_BR.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pt_BR/pt_BR.po b/pt_BR/pt_BR.po
index fb7a2901c..16e97fa7f 100644
--- a/pt_BR/pt_BR.po
+++ b/pt_BR/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2017
+# Communia , 2013-2018
 # carlo giusepe tadei valente sasaki , 2014
 # carlo giusepe tadei valente sasaki , 2014
 # Carlos Villela, 2014
@@ -29,8 +29,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-11-10 15:57+0100\n"
-"PO-Revision-Date: 2017-11-11 03:09+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2018-03-28 14:05+\n"
+"Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -366,7 +366,7 @@ msgid ""
 "The USB stick \"%(pretty_name)s\" is configured as non-removable by its "
 "manufacturer and Tails will fail to start on it. Please try installing on a "
 "different model."
-msgstr "A memória USB \"%(pretty_name)s\" está configurado como 
'não-removível' pelo fabricante e o Tais não funcionará nele. Por favor, 
tente instalar Tails em um outro modelo de memória USB.."
+msgstr "A memória USB \"%(pretty_name)s\" está configurada como 
'não-removível' pelo fabricante e o Tais não funcionará nela. Por favor, 
tente instalar Tails em um outro modelo de memória USB."
 
 #: ../tails_installer/gui.py:567
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/liveusb-creator] Update translations for liveusb-creator

[translation]

commit 14b6d4342c74f01dd77ac78295316acc4ea96a5c
Author: Translation commit bot 
Date:   Wed Mar 28 14:15:48 2018 +

Update translations for liveusb-creator
---
 pt_BR/pt_BR.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pt_BR/pt_BR.po b/pt_BR/pt_BR.po
index fb7a2901c..16e97fa7f 100644
--- a/pt_BR/pt_BR.po
+++ b/pt_BR/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2017
+# Communia , 2013-2018
 # carlo giusepe tadei valente sasaki , 2014
 # carlo giusepe tadei valente sasaki , 2014
 # Carlos Villela, 2014
@@ -29,8 +29,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-11-10 15:57+0100\n"
-"PO-Revision-Date: 2017-11-11 03:09+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2018-03-28 14:05+\n"
+"Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -366,7 +366,7 @@ msgid ""
 "The USB stick \"%(pretty_name)s\" is configured as non-removable by its "
 "manufacturer and Tails will fail to start on it. Please try installing on a "
 "different model."
-msgstr "A memória USB \"%(pretty_name)s\" está configurado como 
'não-removível' pelo fabricante e o Tais não funcionará nele. Por favor, 
tente instalar Tails em um outro modelo de memória USB.."
+msgstr "A memória USB \"%(pretty_name)s\" está configurada como 
'não-removível' pelo fabricante e o Tais não funcionará nela. Por favor, 
tente instalar Tails em um outro modelo de memória USB."
 
 #: ../tails_installer/gui.py:567
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit 820e8f8b8fdcabddf748cdfa3e83f342e1acc95e
Author: Translation commit bot 
Date:   Wed Mar 28 14:16:23 2018 +

Update translations for mat-gui_completed
---
 pt_BR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index cec133090..8b86cbd25 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -17,7 +17,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2018-03-28 13:07+\n"
+"PO-Revision-Date: 2018-03-28 13:59+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -86,7 +86,7 @@ msgstr "Remover arquivo não suportado dos arquivos"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr "Remover arquivo não suportado (e como tal não anônimo) do arquivo 
de saída"
+msgstr "Remover documento sem suporte (e como tal não-anônimo) do arquivo 
produzido"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/https_everywhere] Update translations for https_everywhere

[translation]

commit fba08701e5358f8fa44ba664f590cd2e423ce7b7
Author: Translation commit bot 
Date:   Wed Mar 28 14:15:34 2018 +

Update translations for https_everywhere
---
 hi/ssl-observatory.dtd | 2 +-
 pt_BR/https-everywhere.dtd | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hi/ssl-observatory.dtd b/hi/ssl-observatory.dtd
index c94e3d593..accf391ac 100644
--- a/hi/ssl-observatory.dtd
+++ b/hi/ssl-observatory.dtd
@@ -1,6 +1,6 @@
 
 
-
+
 
 
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed

[translation]

commit 1efd4ea00845a65d7bfa05a43b1026b8c68f6862
Author: Translation commit bot 
Date:   Wed Mar 28 14:15:42 2018 +

Update translations for https_everywhere_completed
---
 pt_BR/https-everywhere.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt_BR/https-everywhere.dtd b/pt_BR/https-everywhere.dtd
index e9597afcb..9039aacd5 100644
--- a/pt_BR/https-everywhere.dtd
+++ b/pt_BR/https-everywhere.dtd
@@ -20,7 +20,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-authdtd_completed] Update translations for tor-messenger-authdtd_completed

[translation]

commit 3a4f35c359e8ee0cdda3bd805bdee569855ebebc
Author: Translation commit bot 
Date:   Wed Mar 28 13:48:45 2018 +

Update translations for tor-messenger-authdtd_completed
---
 pt_BR/auth.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt_BR/auth.dtd b/pt_BR/auth.dtd
index 9ef9ad456..f402b4e3c 100644
--- a/pt_BR/auth.dtd
+++ b/pt_BR/auth.dtd
@@ -6,7 +6,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-authdtd] Update translations for tor-messenger-authdtd

[translation]

commit 706e9897b973f9e1614530c823330cfd0cea6a23
Author: Translation commit bot 
Date:   Wed Mar 28 13:48:39 2018 +

Update translations for tor-messenger-authdtd
---
 pt_BR/auth.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt_BR/auth.dtd b/pt_BR/auth.dtd
index 9ef9ad456..f402b4e3c 100644
--- a/pt_BR/auth.dtd
+++ b/pt_BR/auth.dtd
@@ -6,7 +6,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit d66049cce851001b8687db67c74fc774d7f6bddb
Author: Translation commit bot 
Date:   Wed Mar 28 13:17:04 2018 +

Update translations for tails-misc
---
 pt_BR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 6fec6546e..25d7675d2 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -23,7 +23,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-28 12:46+\n"
+"PO-Revision-Date: 2018-03-28 12:47+\n"
 "Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
@@ -88,7 +88,7 @@ msgstr "Reiniciar"
 
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:78
 msgid "Lock screen"
-msgstr ""
+msgstr "Bloquear a tela"
 
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-hel...@tails.boum.org/extension.js:81
 msgid "Power Off"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit e1612205bbceaa88652ab27a2999c85aba646310
Author: Translation commit bot 
Date:   Wed Mar 28 13:16:29 2018 +

Update translations for mat-gui_completed
---
 pt_BR.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 06edddf53..cec133090 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2015
+# Communia , 2013-2015,2018
 # carlo giusepe tadei valente sasaki , 2014
 # Danton Medrado, 2015
 # Eduardo Bonsi, 2013-2014
@@ -17,8 +17,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2018-02-20 18:56+\n"
-"Last-Translator: Danton Medrado\n"
+"PO-Revision-Date: 2018-03-28 13:07+\n"
+"Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -53,7 +53,7 @@ msgstr "Nenhum metadado foi encontrado"
 
 #: mat-gui:170 mat-gui:419
 msgid "Dirty"
-msgstr "Sujo"
+msgstr "Não foi limpo"
 
 #: mat-gui:176
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit b1b1f227709674983b8e114ca676e00adf35afd8
Author: Translation commit bot 
Date:   Wed Mar 28 13:16:23 2018 +

Update translations for mat-gui
---
 pt_BR.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 06edddf53..cec133090 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2015
+# Communia , 2013-2015,2018
 # carlo giusepe tadei valente sasaki , 2014
 # Danton Medrado, 2015
 # Eduardo Bonsi, 2013-2014
@@ -17,8 +17,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2018-02-20 18:56+\n"
-"Last-Translator: Danton Medrado\n"
+"PO-Revision-Date: 2018-03-28 13:07+\n"
+"Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -53,7 +53,7 @@ msgstr "Nenhum metadado foi encontrado"
 
 #: mat-gui:170 mat-gui:419
 msgid "Dirty"
-msgstr "Sujo"
+msgstr "Não foi limpo"
 
 #: mat-gui:176
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

[translation]

commit 7989c243b6920ed6b9c83dbb2bf2ab0c6532623c
Author: Translation commit bot 
Date:   Wed Mar 28 12:46:53 2018 +

Update translations for tails-misc
---
 pt_BR.po | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pt_BR.po b/pt_BR.po
index 732270eea..6fec6546e 100644
--- a/pt_BR.po
+++ b/pt_BR.po
@@ -3,7 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Communia , 2013-2017
+# Communia , 2013-2018
 # carlo giusepe tadei valente sasaki , 2014
 # Danton Medrado, 2015
 # Eduardo Bonsi, 2013-2014
@@ -23,8 +23,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-03-12 19:03+0100\n"
-"PO-Revision-Date: 2018-03-13 02:48+\n"
-"Last-Translator: Jose Victor \n"
+"PO-Revision-Date: 2018-03-28 12:46+\n"
+"Last-Translator: Communia \n"
 "Language-Team: Portuguese (Brazil) 
(http://www.transifex.com/otf/torproject/language/pt_BR/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -55,7 +55,7 @@ msgid ""
 "an opportunity for eavesdroppers, like your email or Internet provider, to\n"
 "confirm that you are using Tails.\n"
 "\n"
-msgstr "Ajude a consertar o seu erro!\nLeia as 
instruções de relatórios de erros.\nNão inclua 
informações pessoais além do necessário!\nSobre nos 
informar um endereço de e-mail\n\nSe infomar seu e-mail, podemos fazer 
contato para esclarecer o problema. Isto é necessário para a maioria dos 
relatórios que recebemos (muitos deles sem informações de contato são 
inúteis). Por outro lado, pode ser uma oportunidade para bisbilhoteiros como 
seu e-mail ou provedor de Internet confirmarem que você está usando Tails. 
\n"
+msgstr "Ajude a consertar o erro que você encontrou!\nLeia as instruções de relatórios de erros.\nNão 
inclua informações pessoais além do necessário!\nSobre 
como nos informar um endereço de e-mail\n\nSe você informar seu 
e-mail, podemos fentrar em contato para esclarecer o problema. Isso é 
necessário na grande maioria dos relatórios que recebemos (muitos deles nos 
chegam sem informações de contato e são inúteis). No entanto, com um 
endereço de e-mail, alguém que tenha acesso às suas nformações, como o seu 
 provedor de e-mail ou de Internet, poderá confirmar que você está usando 
Tails. \n"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:57
 msgid "Persistence is disabled for Electrum"
@@ -184,7 +184,7 @@ msgstr "Esta versão do Tails tem problemas de segurança 
conhecidos:"
 
 #: config/chroot_local-includes/usr/local/bin/tails-security-check:134
 msgid "Known security issues"
-msgstr "Problemas de seguranca conhecidos"
+msgstr "Problemas de segurança conhecidos"
 
 #: config/chroot_local-includes/usr/local/lib/tails-spoof-mac:52
 #, sh-format
@@ -359,7 +359,7 @@ msgstr "Falha ao executar o navegador."
 
 #: 
../config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in.h:1
 msgid "Report an error"
-msgstr "Reportar um erro"
+msgstr "Relatar um erro"
 
 #: 
../config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in.h:1
 #: 
../config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in.h:1
@@ -396,4 +396,4 @@ msgstr "Ferramentas específicas do Tails"
 
 #: 
../config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.root-terminal.policy.in.h:1
 msgid "To start a Root Terminal, you need to authenticate."
-msgstr "Para iniciar o Terminal Root, é preciso inserir sua senha."
+msgstr "Para iniciar o terminal root, é preciso autenticar-se."

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] add a changes file for the rust libc update

[nickm]

commit 3cc382b93e6ae55b86c50463493507c6d01250cd
Author: Nick Mathewson 
Date:   Wed Mar 28 08:10:54 2018 -0400

add a changes file for the rust libc update
---
 changes/bug25664 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/bug25664 b/changes/bug25664
new file mode 100644
index 0..c8b3ca618
--- /dev/null
+++ b/changes/bug25664
@@ -0,0 +1,3 @@
+  o New system requirements:
+- When built with Rust, Tor now depends on version 0.2.39 of the libc
+  crate. Closes tickets 25310 and 25664.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Bug 25664: Update libc version requirement for Rust

[nickm]

commit 684aef40f9f003adf211ae29de47905b1109a06c
Author: Georg Koppen 
Date:   Wed Mar 28 10:19:31 2018 +

Bug 25664: Update libc version requirement for Rust

When merging the patches for #25310 the libc version requirement in
`GettingStartedRust.md` and `configure.ac` did not get updated to the
now needed 0.2.39.
---
 configure.ac  | 2 +-
 doc/HACKING/GettingStartedRust.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6c6add187..2b9bc8595 100644
--- a/configure.ac
+++ b/configure.ac
@@ -275,7 +275,7 @@ fi
 AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])
 
 dnl List all external rust crates we depend on here. Include the version
-rust_crates="libc-0.2.22"
+rust_crates="libc-0.2.39"
 AC_SUBST(rust_crates)
 
 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
diff --git a/doc/HACKING/GettingStartedRust.md 
b/doc/HACKING/GettingStartedRust.md
index f5914bc87..a533ba8a2 100644
--- a/doc/HACKING/GettingStartedRust.md
+++ b/doc/HACKING/GettingStartedRust.md
@@ -65,7 +65,7 @@ fetching dependencies from Cargo or specifying a local 
directory.
 
 You'll need the following Rust dependencies (as of this writing):
 
-libc==0.2.22
+libc==0.2.39
 
 We vendor our Rust dependencies in a separate repo using
 [cargo-vendor](https://github.com/alexcrichton/cargo-vendor).  To use



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] add a changes file for the rust libc update

[nickm]

commit 3cc382b93e6ae55b86c50463493507c6d01250cd
Author: Nick Mathewson 
Date:   Wed Mar 28 08:10:54 2018 -0400

add a changes file for the rust libc update
---
 changes/bug25664 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/bug25664 b/changes/bug25664
new file mode 100644
index 0..c8b3ca618
--- /dev/null
+++ b/changes/bug25664
@@ -0,0 +1,3 @@
+  o New system requirements:
+- When built with Rust, Tor now depends on version 0.2.39 of the libc
+  crate. Closes tickets 25310 and 25664.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] add a changes file for the rust libc update

[nickm]

commit 3cc382b93e6ae55b86c50463493507c6d01250cd
Author: Nick Mathewson 
Date:   Wed Mar 28 08:10:54 2018 -0400

add a changes file for the rust libc update
---
 changes/bug25664 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/bug25664 b/changes/bug25664
new file mode 100644
index 0..c8b3ca618
--- /dev/null
+++ b/changes/bug25664
@@ -0,0 +1,3 @@
+  o New system requirements:
+- When built with Rust, Tor now depends on version 0.2.39 of the libc
+  crate. Closes tickets 25310 and 25664.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3

[nickm]

commit e31487b4edde5e2e45491f5c32c421acd133ada6
Merge: 08cd7a1bf 3cc382b93
Author: Nick Mathewson 
Date:   Wed Mar 28 08:11:46 2018 -0400

Merge branch 'maint-0.3.3' into release-0.3.3

 changes/bug25664  | 3 +++
 configure.ac  | 2 +-
 doc/HACKING/GettingStartedRust.md | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.3'

[nickm]

commit a3c1d78c29a6827f623c83ca8f45798019206bc9
Merge: 6317aa2cc 3cc382b93
Author: Nick Mathewson 
Date:   Wed Mar 28 08:11:46 2018 -0400

Merge branch 'maint-0.3.3'

 changes/bug25664  | 3 +++
 configure.ac  | 2 +-
 doc/HACKING/GettingStartedRust.md | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Bug 25664: Update libc version requirement for Rust

[nickm]

commit 684aef40f9f003adf211ae29de47905b1109a06c
Author: Georg Koppen 
Date:   Wed Mar 28 10:19:31 2018 +

Bug 25664: Update libc version requirement for Rust

When merging the patches for #25310 the libc version requirement in
`GettingStartedRust.md` and `configure.ac` did not get updated to the
now needed 0.2.39.
---
 configure.ac  | 2 +-
 doc/HACKING/GettingStartedRust.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6c6add187..2b9bc8595 100644
--- a/configure.ac
+++ b/configure.ac
@@ -275,7 +275,7 @@ fi
 AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])
 
 dnl List all external rust crates we depend on here. Include the version
-rust_crates="libc-0.2.22"
+rust_crates="libc-0.2.39"
 AC_SUBST(rust_crates)
 
 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
diff --git a/doc/HACKING/GettingStartedRust.md 
b/doc/HACKING/GettingStartedRust.md
index f5914bc87..a533ba8a2 100644
--- a/doc/HACKING/GettingStartedRust.md
+++ b/doc/HACKING/GettingStartedRust.md
@@ -65,7 +65,7 @@ fetching dependencies from Cargo or specifying a local 
directory.
 
 You'll need the following Rust dependencies (as of this writing):
 
-libc==0.2.22
+libc==0.2.39
 
 We vendor our Rust dependencies in a separate repo using
 [cargo-vendor](https://github.com/alexcrichton/cargo-vendor).  To use



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Bug 25664: Update libc version requirement for Rust

[nickm]

commit 684aef40f9f003adf211ae29de47905b1109a06c
Author: Georg Koppen 
Date:   Wed Mar 28 10:19:31 2018 +

Bug 25664: Update libc version requirement for Rust

When merging the patches for #25310 the libc version requirement in
`GettingStartedRust.md` and `configure.ac` did not get updated to the
now needed 0.2.39.
---
 configure.ac  | 2 +-
 doc/HACKING/GettingStartedRust.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6c6add187..2b9bc8595 100644
--- a/configure.ac
+++ b/configure.ac
@@ -275,7 +275,7 @@ fi
 AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])
 
 dnl List all external rust crates we depend on here. Include the version
-rust_crates="libc-0.2.22"
+rust_crates="libc-0.2.39"
 AC_SUBST(rust_crates)
 
 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
diff --git a/doc/HACKING/GettingStartedRust.md 
b/doc/HACKING/GettingStartedRust.md
index f5914bc87..a533ba8a2 100644
--- a/doc/HACKING/GettingStartedRust.md
+++ b/doc/HACKING/GettingStartedRust.md
@@ -65,7 +65,7 @@ fetching dependencies from Cargo or specifying a local 
directory.
 
 You'll need the following Rust dependencies (as of this writing):
 
-libc==0.2.22
+libc==0.2.39
 
 We vendor our Rust dependencies in a separate repo using
 [cargo-vendor](https://github.com/alexcrichton/cargo-vendor).  To use



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Simplify hostname validation code

[nickm]

commit ee1fca727cd739ba94c215a4a45a416bfcc8956e
Author: rl1987 
Date:   Mon Feb 19 21:08:51 2018 +0100

Simplify hostname validation code
---
 src/common/util.c | 26 +++---
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index a55f7a3cd..1402462fb 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1113,6 +1113,9 @@ string_is_valid_hostname(const char *string)
   if (!string || strlen(string) == 0)
 return 0;
 
+  if (string_is_valid_ipv4_address(string))
+return 0;
+
   components = smartlist_new();
 
   smartlist_split_string(components,string,".",0,0);
@@ -1134,25 +1137,10 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) { // TLD validation.
-  int is_punycode = (strlen(c) > 4 &&
- (c[0] == 'X' || c[0] == 'x') &&
- (c[1] == 'N' || c[1] == 'n') &&
-  c[2] == '-' && c[3] == '-');
-
-  if (is_punycode)
-c += 4;
-
-  do {
-result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
-c++;
-  } while (result && *c);
-} else { // Regular hostname label validation.
-  do {
-result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
-c++;
-  } while (result > 0 && *c);
-}
+do {
+  result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
+  c++;
+} while (result > 0 && *c);
 
 if (result == 0) {
   break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Add a paranoia check in string_is_valid_nonrfc_hostname()

[nickm]

commit d4bf1f6c8eb08c39def69c839515afe475bf0a6b
Author: Nick Mathewson 
Date:   Wed Mar 28 07:48:18 2018 -0400

Add a paranoia check in string_is_valid_nonrfc_hostname()

The earlier checks in this function should ensure that components is
always nonempty.  But in case somebody messes with them in the
future, let's add an extra check to make sure we aren't crashing.
---
 src/common/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/common/util.c b/src/common/util.c
index 90aaf0ebe..a68fd30d0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1125,6 +1125,9 @@ string_is_valid_nonrfc_hostname(const char *string)
 
   smartlist_split_string(components,string,".",0,0);
 
+  if (BUG(smartlist_len(components) == 0))
+return 0; // LCOV_EXCL_LINE should be impossible given the earlier checks.
+
   /* Allow a single terminating '.' used rarely to indicate domains
* are FQDNs rather than relative. */
   last_label = (char *)smartlist_get(components,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Test TLD validation

[nickm]

commit db850fec3ac402084a9036c0ea7b4523f1120eb1
Author: rl1987 
Date:   Mon Feb 12 22:20:45 2018 +0100

Test TLD validation
---
 src/test/test_util.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/test/test_util.c b/src/test/test_util.c
index 2fa03e5bc..db2ea1a34 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5589,6 +5589,12 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
   tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
 
+  // Last label of a hostname is required to be alphabetic according to
+  // RFC 1123 Section 2.1.
+  tt_assert(!string_is_valid_hostname("lucky.13"));
+  tt_assert(!string_is_valid_hostname("luck.y13"));
+  tt_assert(!string_is_valid_hostname("luck.y13."));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Don't strlen before checking for NULL

[nickm]

commit 09351c34e9bea4d29fb6f4ac8d40e3bee49e12fc
Author: rl1987 
Date:   Thu Feb 22 19:52:40 2018 +0100

Don't strlen before checking for NULL
---
 src/common/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/util.c b/src/common/util.c
index 497b60be1..5ae4d0408 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1079,7 +1079,7 @@ string_is_valid_dest(const char *string)
 {
   char *tmp = NULL;
   int retval;
-  size_t len = strlen(string);
+  size_t len;
 
   if (string == NULL)
 return 0;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname

[nickm]

commit b504c854d34a938943f68c3036840f10a84fcea4
Author: Nick Mathewson 
Date:   Wed Mar 28 07:42:27 2018 -0400

Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname

Per discussion on 25055.
---
 src/common/util.c|  4 ++--
 src/common/util.h|  2 +-
 src/test/test_util.c | 55 ++--
 3 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 5ae4d0408..90aaf0ebe 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1094,7 +1094,7 @@ string_is_valid_dest(const char *string)
 
   retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||
-string_is_valid_hostname(string);
+string_is_valid_nonrfc_hostname(string);
 
   tor_free(tmp);
 
@@ -1108,7 +1108,7 @@ string_is_valid_dest(const char *string)
  * with misconfigured zones that have been encountered in the wild.
  */
 int
-string_is_valid_hostname(const char *string)
+string_is_valid_nonrfc_hostname(const char *string)
 {
   int result = 1;
   int has_trailing_dot;
diff --git a/src/common/util.h b/src/common/util.h
index d6bda8036..938078912 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -234,7 +234,7 @@ const char *find_str_at_start_of_line(const char *haystack,
 int string_is_C_identifier(const char *string);
 int string_is_key_value(int severity, const char *string);
 int string_is_valid_dest(const char *string);
-int string_is_valid_hostname(const char *string);
+int string_is_valid_nonrfc_hostname(const char *string);
 int string_is_valid_ipv4_address(const char *string);
 int string_is_valid_ipv6_address(const char *string);
 
diff --git a/src/test/test_util.c b/src/test/test_util.c
index c734426a5..036f739b8 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5559,56 +5559,57 @@ test_util_hostname_validation(void *arg)
   (void)arg;
 
   // Lets try valid hostnames first.
-  tt_assert(string_is_valid_hostname("torproject.org"));
-  tt_assert(string_is_valid_hostname("ocw.mit.edu"));
-  tt_assert(string_is_valid_hostname("i.4cdn.org"));
-  tt_assert(string_is_valid_hostname("stanford.edu"));
-  tt_assert(string_is_valid_hostname("multiple-words-with-hypens.jp"));
+  tt_assert(string_is_valid_nonrfc_hostname("torproject.org"));
+  tt_assert(string_is_valid_nonrfc_hostname("ocw.mit.edu"));
+  tt_assert(string_is_valid_nonrfc_hostname("i.4cdn.org"));
+  tt_assert(string_is_valid_nonrfc_hostname("stanford.edu"));
+  tt_assert(string_is_valid_nonrfc_hostname("multiple-words-with-hypens.jp"));
 
   // Subdomain name cannot start with '-' or '_'.
-  tt_assert(!string_is_valid_hostname("-torproject.org"));
-  tt_assert(!string_is_valid_hostname("subdomain.-domain.org"));
-  tt_assert(!string_is_valid_hostname("-subdomain.domain.org"));
-  tt_assert(!string_is_valid_hostname("___abc.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("-torproject.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("subdomain.-domain.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("-subdomain.domain.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("___abc.org"));
 
   // Hostnames cannot contain non-alphanumeric characters.
-  tt_assert(!string_is_valid_hostname("%%domain.\\org."));
-  tt_assert(!string_is_valid_hostname("***x.net"));
-  tt_assert(!string_is_valid_hostname("\xff\xffxyz.org"));
-  tt_assert(!string_is_valid_hostname("word1 word2.net"));
+  tt_assert(!string_is_valid_nonrfc_hostname("%%domain.\\org."));
+  tt_assert(!string_is_valid_nonrfc_hostname("***x.net"));
+  tt_assert(!string_is_valid_nonrfc_hostname("\xff\xffxyz.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("word1 word2.net"));
 
   // Test workaround for nytimes.com stupidity, technically invalid,
   // but we allow it since they are big, even though they are failing to
   // comply with a ~30 year old standard.
-  tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
+  tt_assert(string_is_valid_nonrfc_hostname("core3_euw1.fabrik.nytimes.com"));
 
   // Firefox passes FQDNs with trailing '.'s  directly to the SOCKS proxy,
   // which is redundant since the spec states DOMAINNAME addresses are fully
   // qualified.  While unusual, this should be tollerated.
-  tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
-  tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
-  tt_assert(!string_is_valid_hostname("so.is..ft.com"));
-  tt_assert(!string_is_valid_hostname("..."));
+  tt_assert(string_is_valid_nonrfc_hostname("core9_euw1.fabrik.nytimes.com."));
+  tt_assert(!string_is_valid_nonrfc_hostname(
+ "..washingtonpost.is.better.com"));
+  tt_assert(!string_is_valid_nonrfc_hostname("so.is..ft.com"));
+  tt_assert(!string_is_valid_nonrfc_hostname("..."));
 
   // XXX: do we allow single-label DNS names?
   // We shouldn't for SOCKS (spec says "contains a fully-qualified 

[tor-commits] [tor/release-0.3.3] Merge branch 'bugs25036_25055_clean_033' into maint-0.3.3

[nickm]

commit d416e208e4e94c2b4ccd4e11013151c72180faff
Merge: ddee28a3c d4bf1f6c8
Author: Nick Mathewson 
Date:   Wed Mar 28 07:49:34 2018 -0400

Merge branch 'bugs25036_25055_clean_033' into maint-0.3.3

 changes/bugs_25036_25055 |  7 +
 src/common/util.c| 72 ++--
 src/common/util.h|  3 +-
 src/or/proto_socks.c |  4 +--
 src/test/test_socks.c| 24 ++--
 src/test/test_util.c | 68 +++--
 6 files changed, 138 insertions(+), 40 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3

[nickm]

commit 08cd7a1bf29596aa51290ed00cd21d9247daabef
Merge: f2027d5bf d416e208e
Author: Nick Mathewson 
Date:   Wed Mar 28 07:50:47 2018 -0400

Merge branch 'maint-0.3.3' into release-0.3.3

 changes/bugs_25036_25055 |  7 +
 src/common/util.c| 72 ++--
 src/common/util.h|  3 +-
 src/or/proto_socks.c |  4 +--
 src/test/test_socks.c| 24 ++--
 src/test/test_util.c | 68 +++--
 6 files changed, 138 insertions(+), 40 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Improve handling of trailing dot

[nickm]

commit 4413e52f9e2e3898f870df481aea93b1ea5fd836
Author: rl1987 
Date:   Mon Feb 12 22:21:10 2018 +0100

Improve handling of trailing dot
---
 src/common/util.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index a7eaf5389..096188cfc 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1106,24 +1106,33 @@ int
 string_is_valid_hostname(const char *string)
 {
   int result = 1;
+  int has_trailing_dot;
+  char *last_label;
   smartlist_t *components;
 
+  if (!string || strlen(string) == 0)
+return 0;
+
   components = smartlist_new();
 
   smartlist_split_string(components,string,".",0,0);
 
+  /* Allow a single terminating '.' used rarely to indicate domains
+   * are FQDNs rather than relative. */
+  last_label = (char *)smartlist_get(components, smartlist_len(components) - 
1);
+  has_trailing_dot = (last_label[0] == '\0');
+  if (has_trailing_dot) {
+smartlist_pop_last(components);
+tor_free(last_label);
+last_label = NULL;
+  }
+
   SMARTLIST_FOREACH_BEGIN(components, char *, c) {
 if ((c[0] == '-') || (*c == '_')) {
   result = 0;
   break;
 }
 
-/* Allow a single terminating '.' used rarely to indicate domains
- * are FQDNs rather than relative. */
-if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
-  continue;
-}
-
 if (c_sl_idx == c_sl_len - 1) {
   do {
 result = TOR_ISALPHA(*c);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Don't strlen before checking for NULL

[nickm]

commit 09351c34e9bea4d29fb6f4ac8d40e3bee49e12fc
Author: rl1987 
Date:   Thu Feb 22 19:52:40 2018 +0100

Don't strlen before checking for NULL
---
 src/common/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/util.c b/src/common/util.c
index 497b60be1..5ae4d0408 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1079,7 +1079,7 @@ string_is_valid_dest(const char *string)
 {
   char *tmp = NULL;
   int retval;
-  size_t len = strlen(string);
+  size_t len;
 
   if (string == NULL)
 return 0;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Allow alphanumeric TLDs in test for now

[nickm]

commit d891010fdd4562e29a5a468232cd7b30430d7570
Author: rl1987 
Date:   Tue Feb 20 19:52:48 2018 +0100

Allow alphanumeric TLDs in test for now
---
 src/test/test_util.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/test/test_util.c b/src/test/test_util.c
index ef1f420fe..ee9b16494 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5589,11 +5589,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
   tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
 
-  // Last label of a hostname is required to be alphabetic according to
-  // RFC 1123 Section 2.1.
-  tt_assert(!string_is_valid_hostname("lucky.13"));
-  tt_assert(!string_is_valid_hostname("luck.y13"));
-  tt_assert(!string_is_valid_hostname("luck.y13."));
+  // We allow alphanumeric TLDs. For discussion, see ticket #25055.
+  tt_assert(string_is_valid_hostname("lucky.13"));
+  tt_assert(string_is_valid_hostname("luck.y13"));
+  tt_assert(string_is_valid_hostname("luck.y13."));
 
   // We allow punycode TLDs. For examples, see
   // http://data.iana.org/TLD/tlds-alpha-by-domain.txt



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Also test bracket-less IPv6 string validation

[nickm]

commit 12afd8bfed96c57cd47b18644c2030673496a74f
Author: rl1987 
Date:   Mon Feb 12 21:16:38 2018 +0100

Also test bracket-less IPv6 string validation
---
 src/test/test_socks.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 3f9cc887b..8da7191e8 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -365,6 +365,23 @@ test_socks_5_supported_commands(void *ptr)
 
   socks_request_clear(socks);
 
+  /* Also allow bracket-less form. */
+
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
+  ADD_DATA(buf, "2001:0db8:85a3:::8a2e:0370:7334");
+  ADD_DATA(buf, "\x01\x02");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
+OP_EQ, 1);
+
+  tt_str_op("2001:0db8:85a3:::8a2e:0370:7334", OP_EQ,
+socks->address);
+  tt_int_op(258, OP_EQ, socks->port);
+
+  tt_int_op(0, OP_EQ, buf_datalen(buf));
+
+  socks_request_clear(socks);
+
   /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03");



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Adding changes file

[nickm]

commit df529c60936ef290c917d09d51820680cd31cc8b
Author: rl1987 
Date:   Sun Feb 11 18:16:51 2018 +0100

Adding changes file
---
 changes/bugs_25036_25055 | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/changes/bugs_25036_25055 b/changes/bugs_25036_25055
new file mode 100644
index 0..daa46321c
--- /dev/null
+++ b/changes/bugs_25036_25055
@@ -0,0 +1,7 @@
+  o Minor bugfixes (networking):
+- Tor will not reject IPv6 address strings from TorBrowser when they
+  are passed as hostnames in SOCKS5 requests. Fixes bug 25036,
+  bugfix on Tor 0.3.1.2.
+- string_is_valid_hostname() will not consider IP strings to be valid
+  hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
+



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Allow alphanumeric TLDs in test for now

[nickm]

commit d891010fdd4562e29a5a468232cd7b30430d7570
Author: rl1987 
Date:   Tue Feb 20 19:52:48 2018 +0100

Allow alphanumeric TLDs in test for now
---
 src/test/test_util.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/test/test_util.c b/src/test/test_util.c
index ef1f420fe..ee9b16494 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5589,11 +5589,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
   tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
 
-  // Last label of a hostname is required to be alphabetic according to
-  // RFC 1123 Section 2.1.
-  tt_assert(!string_is_valid_hostname("lucky.13"));
-  tt_assert(!string_is_valid_hostname("luck.y13"));
-  tt_assert(!string_is_valid_hostname("luck.y13."));
+  // We allow alphanumeric TLDs. For discussion, see ticket #25055.
+  tt_assert(string_is_valid_hostname("lucky.13"));
+  tt_assert(string_is_valid_hostname("luck.y13"));
+  tt_assert(string_is_valid_hostname("luck.y13."));
 
   // We allow punycode TLDs. For examples, see
   // http://data.iana.org/TLD/tlds-alpha-by-domain.txt



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Also test bracket-less IPv6 string validation

[nickm]

commit 12afd8bfed96c57cd47b18644c2030673496a74f
Author: rl1987 
Date:   Mon Feb 12 21:16:38 2018 +0100

Also test bracket-less IPv6 string validation
---
 src/test/test_socks.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 3f9cc887b..8da7191e8 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -365,6 +365,23 @@ test_socks_5_supported_commands(void *ptr)
 
   socks_request_clear(socks);
 
+  /* Also allow bracket-less form. */
+
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
+  ADD_DATA(buf, "2001:0db8:85a3:::8a2e:0370:7334");
+  ADD_DATA(buf, "\x01\x02");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
+OP_EQ, 1);
+
+  tt_str_op("2001:0db8:85a3:::8a2e:0370:7334", OP_EQ,
+socks->address);
+  tt_int_op(258, OP_EQ, socks->port);
+
+  tt_int_op(0, OP_EQ, buf_datalen(buf));
+
+  socks_request_clear(socks);
+
   /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03");



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Simplify hostname validation code

[nickm]

commit ee1fca727cd739ba94c215a4a45a416bfcc8956e
Author: rl1987 
Date:   Mon Feb 19 21:08:51 2018 +0100

Simplify hostname validation code
---
 src/common/util.c | 26 +++---
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index a55f7a3cd..1402462fb 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1113,6 +1113,9 @@ string_is_valid_hostname(const char *string)
   if (!string || strlen(string) == 0)
 return 0;
 
+  if (string_is_valid_ipv4_address(string))
+return 0;
+
   components = smartlist_new();
 
   smartlist_split_string(components,string,".",0,0);
@@ -1134,25 +1137,10 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) { // TLD validation.
-  int is_punycode = (strlen(c) > 4 &&
- (c[0] == 'X' || c[0] == 'x') &&
- (c[1] == 'N' || c[1] == 'n') &&
-  c[2] == '-' && c[3] == '-');
-
-  if (is_punycode)
-c += 4;
-
-  do {
-result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
-c++;
-  } while (result && *c);
-} else { // Regular hostname label validation.
-  do {
-result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
-c++;
-  } while (result > 0 && *c);
-}
+do {
+  result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
+  c++;
+} while (result > 0 && *c);
 
 if (result == 0) {
   break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Refrain from including

[nickm]

commit 6335db9fce4275838c7de4bc10e522eb21a21ed8
Author: rl1987 
Date:   Mon Feb 12 21:26:57 2018 +0100

Refrain from including 
---
 src/common/util.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index d8891c6a5..a7eaf5389 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -100,8 +100,6 @@
 #undef MALLOC_ZERO_WORKS
 #endif
 
-#include 
-
 /* =
  * Memory management
  * = */
@@ -1128,12 +1126,12 @@ string_is_valid_hostname(const char *string)
 
 if (c_sl_idx == c_sl_len - 1) {
   do {
-result = isalpha(*c);
+result = TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
 } else {
   do {
-result = (isalnum(*c) || (*c == '-') || (*c == '_'));
+result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
   } while (result > 0 && *c);
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.3'

[nickm]

commit 6317aa2cc03a3b7a6f9fd4a4bdd99447f7914493
Merge: fa6eaab83 d416e208e
Author: Nick Mathewson 
Date:   Wed Mar 28 07:50:47 2018 -0400

Merge branch 'maint-0.3.3'

 changes/bugs_25036_25055 |  7 +
 src/common/util.c| 72 ++--
 src/common/util.h|  3 +-
 src/or/proto_socks.c |  4 +--
 src/test/test_socks.c| 24 ++--
 src/test/test_util.c | 68 +++--
 6 files changed, 138 insertions(+), 40 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Validate hostnames with punycode TLDs correctly

[nickm]

commit dbb7c8e6fd757db51226a47a2e14f4fd1aaf60c3
Author: rl1987 
Date:   Sat Feb 17 21:49:02 2018 +0100

Validate hostnames with punycode TLDs correctly
---
 src/common/util.c| 17 +
 src/test/test_util.c |  4 
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 096188cfc..a55f7a3cd 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1119,7 +1119,8 @@ string_is_valid_hostname(const char *string)
 
   /* Allow a single terminating '.' used rarely to indicate domains
* are FQDNs rather than relative. */
-  last_label = (char *)smartlist_get(components, smartlist_len(components) - 
1);
+  last_label = (char *)smartlist_get(components,
+ smartlist_len(components) - 1);
   has_trailing_dot = (last_label[0] == '\0');
   if (has_trailing_dot) {
 smartlist_pop_last(components);
@@ -1133,12 +1134,20 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) {
+if (c_sl_idx == c_sl_len - 1) { // TLD validation.
+  int is_punycode = (strlen(c) > 4 &&
+ (c[0] == 'X' || c[0] == 'x') &&
+ (c[1] == 'N' || c[1] == 'n') &&
+  c[2] == '-' && c[3] == '-');
+
+  if (is_punycode)
+c += 4;
+
   do {
-result = TOR_ISALPHA(*c);
+result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
-} else {
+} else { // Regular hostname label validation.
   do {
 result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
diff --git a/src/test/test_util.c b/src/test/test_util.c
index db2ea1a34..ef1f420fe 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5595,6 +5595,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("luck.y13"));
   tt_assert(!string_is_valid_hostname("luck.y13."));
 
+  // We allow punycode TLDs. For examples, see
+  // http://data.iana.org/TLD/tlds-alpha-by-domain.txt
+  tt_assert(string_is_valid_hostname("example.xn--l1acc"));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Don't explode on NULL or empty string

[nickm]

commit 6b6d003f43cbbf01b40cedb0cc12ada2e81461f9
Author: rl1987 
Date:   Wed Feb 21 20:23:21 2018 +0100

Don't explode on NULL or empty string
---
 src/common/util.c|  9 +++--
 src/test/test_util.c | 13 +
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 1402462fb..53e117f24 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1081,8 +1081,13 @@ string_is_valid_dest(const char *string)
   int retval;
   size_t len = strlen(string);
 
-  tor_assert(string);
-  tor_assert(len > 0);
+  if (string == NULL)
+return 0;
+
+  len = strlen(string);
+
+  if (len == 0)
+return 0;
 
   if (string[0] == '[' && string[len - 1] == ']')
 string = tmp = tor_strndup(string + 1, len - 2);
diff --git a/src/test/test_util.c b/src/test/test_util.c
index ee9b16494..c734426a5 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5542,6 +5542,18 @@ test_util_max_mem(void *arg)
 }
 
 static void
+test_util_dest_validation_edgecase(void *arg)
+{
+  (void)arg;
+
+  tt_assert(!string_is_valid_dest(NULL));
+  tt_assert(!string_is_valid_dest(""));
+
+  done:
+  return;
+}
+
+static void
 test_util_hostname_validation(void *arg)
 {
   (void)arg;
@@ -6222,6 +6234,7 @@ struct testcase_t util_tests[] = {
 _setup, (void*)"1" },
   UTIL_TEST(max_mem, 0),
   UTIL_TEST(hostname_validation, 0),
+  UTIL_TEST(dest_validation_edgecase, 0),
   UTIL_TEST(ipv4_validation, 0),
   UTIL_TEST(writepid, 0),
   UTIL_TEST(get_avail_disk_space, 0),



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Allow IPv6 address strings to be used as hostnames in SOCKS5 requests

[nickm]

commit 0e453929d21b030832b0c48fceac0c5688657e15
Author: rl1987 
Date:   Sun Feb 11 15:22:41 2018 +0100

Allow IPv6 address strings to be used as hostnames in SOCKS5 requests
---
 src/common/util.c | 11 +++
 src/common/util.h |  1 +
 src/or/proto_socks.c  |  4 ++--
 src/test/test_socks.c |  9 +
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 90204befc..1818b4f19 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1071,6 +1071,17 @@ string_is_valid_ipv6_address(const char *string)
   return (tor_inet_pton(AF_INET6,string,) == 1);
 }
 
+/** Return true iff string is a valid destination address,
+ * i.e. either a DNS hostname or IPv4/IPv6 address string.
+ */
+int
+string_is_valid_dest(const char *string)
+{
+  return string_is_valid_ipv4_address(string) ||
+string_is_valid_ipv6_address(string) ||
+string_is_valid_hostname(string);
+}
+
 /** Return true iff string matches a pattern of DNS names
  * that we allow Tor clients to connect to.
  *
diff --git a/src/common/util.h b/src/common/util.h
index 2ee0ea28c..d6bda8036 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -233,6 +233,7 @@ const char *find_str_at_start_of_line(const char *haystack,
   const char *needle);
 int string_is_C_identifier(const char *string);
 int string_is_key_value(int severity, const char *string);
+int string_is_valid_dest(const char *string);
 int string_is_valid_hostname(const char *string);
 int string_is_valid_ipv4_address(const char *string);
 int string_is_valid_ipv6_address(const char *string);
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 91633d02a..8700fe126 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -393,7 +393,7 @@ parse_socks(const char *data, size_t datalen, 
socks_request_t *req,
   req->port = ntohs(get_uint16(data+5+len));
   *drain_out = 5+len+2;
 
-  if (!string_is_valid_hostname(req->address)) {
+  if (!string_is_valid_dest(req->address)) {
 socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
 
 log_warn(LD_PROTOCOL,
@@ -518,7 +518,7 @@ parse_socks(const char *data, size_t datalen, 
socks_request_t *req,
   log_debug(LD_APP,"socks4: Everything is here. Success.");
   strlcpy(req->address, startaddr ? startaddr : tmpbuf,
   sizeof(req->address));
-  if (!string_is_valid_hostname(req->address)) {
+  if (!string_is_valid_dest(req->address)) {
 log_warn(LD_PROTOCOL,
  "Your application (using socks4 to port %d) gave Tor "
  "a malformed hostname: %s. Rejecting the connection.",
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 9ae7530e2..70509e43e 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -347,17 +347,18 @@ test_socks_5_supported_commands(void *ptr)
 
   socks_request_clear(socks);
 
-  /* SOCKS 5 should NOT reject RESOLVE [F0] reject for IPv6 address
+  /* SOCKS 5 should NOT reject RESOLVE [F0] request for IPv6 address
* string if SafeSocks is enabled. */
 
   ADD_DATA(buf, "\x05\x01\x00");
-  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
-  ADD_DATA(buf, "2001:0db8:85a3:::8a2e:0370:7334");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x29");
+  ADD_DATA(buf, "[2001:0db8:85a3:::8a2e:0370:7334]");
   ADD_DATA(buf, "\x01\x02");
   tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
 OP_EQ, -1);
 
-  tt_str_op("2001:0db8:85a3:::8a2e:0370:7334", OP_EQ, socks->address);
+  tt_str_op("[2001:0db8:85a3:::8a2e:0370:7334]", OP_EQ,
+socks->address);
   tt_int_op(258, OP_EQ, socks->port);
 
   tt_int_op(0, OP_EQ, buf_datalen(buf));



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Call strlen() once

[nickm]

commit 5986589b48de6addf99436df1feeea1362767acb
Author: rl1987 
Date:   Mon Feb 12 21:08:17 2018 +0100

Call strlen() once
---
 src/common/util.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index ea0ec3dae..d8891c6a5 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1081,12 +1081,13 @@ string_is_valid_dest(const char *string)
 {
   char *tmp = NULL;
   int retval;
+  size_t len = strlen(string);
 
   tor_assert(string);
-  tor_assert(strlen(string) > 0);
+  tor_assert(len > 0);
 
-  if (string[0] == '[' && string[strlen(string) - 1] == ']')
-string = tmp = tor_strndup(string + 1, strlen(string) - 2);
+  if (string[0] == '[' && string[len - 1] == ']')
+string = tmp = tor_strndup(string + 1, len - 2);
 
   retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Tweak loop condition

[nickm]

commit a28e350cff1572a1e5a0c5df93f6e6005904689a
Author: rl1987 
Date:   Wed Feb 21 20:25:24 2018 +0100

Tweak loop condition
---
 src/common/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/util.c b/src/common/util.c
index 53e117f24..497b60be1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1145,7 +1145,7 @@ string_is_valid_hostname(const char *string)
 do {
   result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
   c++;
-} while (result > 0 && *c);
+} while (result && *c);
 
 if (result == 0) {
   break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Adding changes file

[nickm]

commit df529c60936ef290c917d09d51820680cd31cc8b
Author: rl1987 
Date:   Sun Feb 11 18:16:51 2018 +0100

Adding changes file
---
 changes/bugs_25036_25055 | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/changes/bugs_25036_25055 b/changes/bugs_25036_25055
new file mode 100644
index 0..daa46321c
--- /dev/null
+++ b/changes/bugs_25036_25055
@@ -0,0 +1,7 @@
+  o Minor bugfixes (networking):
+- Tor will not reject IPv6 address strings from TorBrowser when they
+  are passed as hostnames in SOCKS5 requests. Fixes bug 25036,
+  bugfix on Tor 0.3.1.2.
+- string_is_valid_hostname() will not consider IP strings to be valid
+  hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
+



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname

[nickm]

commit b504c854d34a938943f68c3036840f10a84fcea4
Author: Nick Mathewson 
Date:   Wed Mar 28 07:42:27 2018 -0400

Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname

Per discussion on 25055.
---
 src/common/util.c|  4 ++--
 src/common/util.h|  2 +-
 src/test/test_util.c | 55 ++--
 3 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 5ae4d0408..90aaf0ebe 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1094,7 +1094,7 @@ string_is_valid_dest(const char *string)
 
   retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||
-string_is_valid_hostname(string);
+string_is_valid_nonrfc_hostname(string);
 
   tor_free(tmp);
 
@@ -1108,7 +1108,7 @@ string_is_valid_dest(const char *string)
  * with misconfigured zones that have been encountered in the wild.
  */
 int
-string_is_valid_hostname(const char *string)
+string_is_valid_nonrfc_hostname(const char *string)
 {
   int result = 1;
   int has_trailing_dot;
diff --git a/src/common/util.h b/src/common/util.h
index d6bda8036..938078912 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -234,7 +234,7 @@ const char *find_str_at_start_of_line(const char *haystack,
 int string_is_C_identifier(const char *string);
 int string_is_key_value(int severity, const char *string);
 int string_is_valid_dest(const char *string);
-int string_is_valid_hostname(const char *string);
+int string_is_valid_nonrfc_hostname(const char *string);
 int string_is_valid_ipv4_address(const char *string);
 int string_is_valid_ipv6_address(const char *string);
 
diff --git a/src/test/test_util.c b/src/test/test_util.c
index c734426a5..036f739b8 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5559,56 +5559,57 @@ test_util_hostname_validation(void *arg)
   (void)arg;
 
   // Lets try valid hostnames first.
-  tt_assert(string_is_valid_hostname("torproject.org"));
-  tt_assert(string_is_valid_hostname("ocw.mit.edu"));
-  tt_assert(string_is_valid_hostname("i.4cdn.org"));
-  tt_assert(string_is_valid_hostname("stanford.edu"));
-  tt_assert(string_is_valid_hostname("multiple-words-with-hypens.jp"));
+  tt_assert(string_is_valid_nonrfc_hostname("torproject.org"));
+  tt_assert(string_is_valid_nonrfc_hostname("ocw.mit.edu"));
+  tt_assert(string_is_valid_nonrfc_hostname("i.4cdn.org"));
+  tt_assert(string_is_valid_nonrfc_hostname("stanford.edu"));
+  tt_assert(string_is_valid_nonrfc_hostname("multiple-words-with-hypens.jp"));
 
   // Subdomain name cannot start with '-' or '_'.
-  tt_assert(!string_is_valid_hostname("-torproject.org"));
-  tt_assert(!string_is_valid_hostname("subdomain.-domain.org"));
-  tt_assert(!string_is_valid_hostname("-subdomain.domain.org"));
-  tt_assert(!string_is_valid_hostname("___abc.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("-torproject.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("subdomain.-domain.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("-subdomain.domain.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("___abc.org"));
 
   // Hostnames cannot contain non-alphanumeric characters.
-  tt_assert(!string_is_valid_hostname("%%domain.\\org."));
-  tt_assert(!string_is_valid_hostname("***x.net"));
-  tt_assert(!string_is_valid_hostname("\xff\xffxyz.org"));
-  tt_assert(!string_is_valid_hostname("word1 word2.net"));
+  tt_assert(!string_is_valid_nonrfc_hostname("%%domain.\\org."));
+  tt_assert(!string_is_valid_nonrfc_hostname("***x.net"));
+  tt_assert(!string_is_valid_nonrfc_hostname("\xff\xffxyz.org"));
+  tt_assert(!string_is_valid_nonrfc_hostname("word1 word2.net"));
 
   // Test workaround for nytimes.com stupidity, technically invalid,
   // but we allow it since they are big, even though they are failing to
   // comply with a ~30 year old standard.
-  tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
+  tt_assert(string_is_valid_nonrfc_hostname("core3_euw1.fabrik.nytimes.com"));
 
   // Firefox passes FQDNs with trailing '.'s  directly to the SOCKS proxy,
   // which is redundant since the spec states DOMAINNAME addresses are fully
   // qualified.  While unusual, this should be tollerated.
-  tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
-  tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
-  tt_assert(!string_is_valid_hostname("so.is..ft.com"));
-  tt_assert(!string_is_valid_hostname("..."));
+  tt_assert(string_is_valid_nonrfc_hostname("core9_euw1.fabrik.nytimes.com."));
+  tt_assert(!string_is_valid_nonrfc_hostname(
+ "..washingtonpost.is.better.com"));
+  tt_assert(!string_is_valid_nonrfc_hostname("so.is..ft.com"));
+  tt_assert(!string_is_valid_nonrfc_hostname("..."));
 
   // XXX: do we allow single-label DNS names?
   // We shouldn't for SOCKS (spec says "contains a fully-qualified 

[tor-commits] [tor/master] Don't explode on NULL or empty string

[nickm]

commit 6b6d003f43cbbf01b40cedb0cc12ada2e81461f9
Author: rl1987 
Date:   Wed Feb 21 20:23:21 2018 +0100

Don't explode on NULL or empty string
---
 src/common/util.c|  9 +++--
 src/test/test_util.c | 13 +
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 1402462fb..53e117f24 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1081,8 +1081,13 @@ string_is_valid_dest(const char *string)
   int retval;
   size_t len = strlen(string);
 
-  tor_assert(string);
-  tor_assert(len > 0);
+  if (string == NULL)
+return 0;
+
+  len = strlen(string);
+
+  if (len == 0)
+return 0;
 
   if (string[0] == '[' && string[len - 1] == ']')
 string = tmp = tor_strndup(string + 1, len - 2);
diff --git a/src/test/test_util.c b/src/test/test_util.c
index ee9b16494..c734426a5 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5542,6 +5542,18 @@ test_util_max_mem(void *arg)
 }
 
 static void
+test_util_dest_validation_edgecase(void *arg)
+{
+  (void)arg;
+
+  tt_assert(!string_is_valid_dest(NULL));
+  tt_assert(!string_is_valid_dest(""));
+
+  done:
+  return;
+}
+
+static void
 test_util_hostname_validation(void *arg)
 {
   (void)arg;
@@ -6222,6 +6234,7 @@ struct testcase_t util_tests[] = {
 _setup, (void*)"1" },
   UTIL_TEST(max_mem, 0),
   UTIL_TEST(hostname_validation, 0),
+  UTIL_TEST(dest_validation_edgecase, 0),
   UTIL_TEST(ipv4_validation, 0),
   UTIL_TEST(writepid, 0),
   UTIL_TEST(get_avail_disk_space, 0),



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add a paranoia check in string_is_valid_nonrfc_hostname()

[nickm]

commit d4bf1f6c8eb08c39def69c839515afe475bf0a6b
Author: Nick Mathewson 
Date:   Wed Mar 28 07:48:18 2018 -0400

Add a paranoia check in string_is_valid_nonrfc_hostname()

The earlier checks in this function should ensure that components is
always nonempty.  But in case somebody messes with them in the
future, let's add an extra check to make sure we aren't crashing.
---
 src/common/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/common/util.c b/src/common/util.c
index 90aaf0ebe..a68fd30d0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1125,6 +1125,9 @@ string_is_valid_nonrfc_hostname(const char *string)
 
   smartlist_split_string(components,string,".",0,0);
 
+  if (BUG(smartlist_len(components) == 0))
+return 0; // LCOV_EXCL_LINE should be impossible given the earlier checks.
+
   /* Allow a single terminating '.' used rarely to indicate domains
* are FQDNs rather than relative. */
   last_label = (char *)smartlist_get(components,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Validate hostnames with punycode TLDs correctly

[nickm]

commit dbb7c8e6fd757db51226a47a2e14f4fd1aaf60c3
Author: rl1987 
Date:   Sat Feb 17 21:49:02 2018 +0100

Validate hostnames with punycode TLDs correctly
---
 src/common/util.c| 17 +
 src/test/test_util.c |  4 
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 096188cfc..a55f7a3cd 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1119,7 +1119,8 @@ string_is_valid_hostname(const char *string)
 
   /* Allow a single terminating '.' used rarely to indicate domains
* are FQDNs rather than relative. */
-  last_label = (char *)smartlist_get(components, smartlist_len(components) - 
1);
+  last_label = (char *)smartlist_get(components,
+ smartlist_len(components) - 1);
   has_trailing_dot = (last_label[0] == '\0');
   if (has_trailing_dot) {
 smartlist_pop_last(components);
@@ -1133,12 +1134,20 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) {
+if (c_sl_idx == c_sl_len - 1) { // TLD validation.
+  int is_punycode = (strlen(c) > 4 &&
+ (c[0] == 'X' || c[0] == 'x') &&
+ (c[1] == 'N' || c[1] == 'n') &&
+  c[2] == '-' && c[3] == '-');
+
+  if (is_punycode)
+c += 4;
+
   do {
-result = TOR_ISALPHA(*c);
+result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
-} else {
+} else { // Regular hostname label validation.
   do {
 result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
diff --git a/src/test/test_util.c b/src/test/test_util.c
index db2ea1a34..ef1f420fe 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5595,6 +5595,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("luck.y13"));
   tt_assert(!string_is_valid_hostname("luck.y13."));
 
+  // We allow punycode TLDs. For examples, see
+  // http://data.iana.org/TLD/tlds-alpha-by-domain.txt
+  tt_assert(string_is_valid_hostname("example.xn--l1acc"));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Test TLD validation

[nickm]

commit db850fec3ac402084a9036c0ea7b4523f1120eb1
Author: rl1987 
Date:   Mon Feb 12 22:20:45 2018 +0100

Test TLD validation
---
 src/test/test_util.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/test/test_util.c b/src/test/test_util.c
index 2fa03e5bc..db2ea1a34 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5589,6 +5589,12 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
   tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
 
+  // Last label of a hostname is required to be alphabetic according to
+  // RFC 1123 Section 2.1.
+  tt_assert(!string_is_valid_hostname("lucky.13"));
+  tt_assert(!string_is_valid_hostname("luck.y13"));
+  tt_assert(!string_is_valid_hostname("luck.y13."));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bugs25036_25055_clean_033' into maint-0.3.3

[nickm]

commit d416e208e4e94c2b4ccd4e11013151c72180faff
Merge: ddee28a3c d4bf1f6c8
Author: Nick Mathewson 
Date:   Wed Mar 28 07:49:34 2018 -0400

Merge branch 'bugs25036_25055_clean_033' into maint-0.3.3

 changes/bugs_25036_25055 |  7 +
 src/common/util.c| 72 ++--
 src/common/util.h|  3 +-
 src/or/proto_socks.c |  4 +--
 src/test/test_socks.c| 24 ++--
 src/test/test_util.c | 68 +++--
 6 files changed, 138 insertions(+), 40 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Tweak loop condition

[nickm]

commit a28e350cff1572a1e5a0c5df93f6e6005904689a
Author: rl1987 
Date:   Wed Feb 21 20:25:24 2018 +0100

Tweak loop condition
---
 src/common/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/util.c b/src/common/util.c
index 53e117f24..497b60be1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1145,7 +1145,7 @@ string_is_valid_hostname(const char *string)
 do {
   result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
   c++;
-} while (result > 0 && *c);
+} while (result && *c);
 
 if (result == 0) {
   break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix bracketed IPv6 string validation

[nickm]

commit b0ba4aa7e98af030e0e1be19a58ab7a6f00fa423
Author: rl1987 
Date:   Mon Feb 12 19:52:47 2018 +0100

Fix bracketed IPv6 string validation
---
 src/common/util.c | 15 ++-
 src/test/test_socks.c |  2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 7c715fb3c..ea0ec3dae 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1079,9 +1079,22 @@ string_is_valid_ipv6_address(const char *string)
 int
 string_is_valid_dest(const char *string)
 {
-  return string_is_valid_ipv4_address(string) ||
+  char *tmp = NULL;
+  int retval;
+
+  tor_assert(string);
+  tor_assert(strlen(string) > 0);
+
+  if (string[0] == '[' && string[strlen(string) - 1] == ']')
+string = tmp = tor_strndup(string + 1, strlen(string) - 2);
+
+  retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||
 string_is_valid_hostname(string);
+
+  tor_free(tmp);
+
+  return retval;
 }
 
 /** Return true iff string matches a pattern of DNS names
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 70509e43e..3f9cc887b 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -355,7 +355,7 @@ test_socks_5_supported_commands(void *ptr)
   ADD_DATA(buf, "[2001:0db8:85a3:::8a2e:0370:7334]");
   ADD_DATA(buf, "\x01\x02");
   tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
-OP_EQ, -1);
+OP_EQ, 1);
 
   tt_str_op("[2001:0db8:85a3:::8a2e:0370:7334]", OP_EQ,
 socks->address);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Do not consider IP strings valid DNS names. Fixes #25055

[nickm]

commit 1af016e96e133718546b55c8b7fafd3345aaeeb8
Author: rl1987 
Date:   Sun Feb 11 16:39:23 2018 +0100

Do not consider IP strings valid DNS names. Fixes #25055
---
 src/common/util.c| 23 +++
 src/test/test_util.c |  5 +
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 1818b4f19..7c715fb3c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -100,6 +100,8 @@
 #undef MALLOC_ZERO_WORKS
 #endif
 
+#include 
+
 /* =
  * Memory management
  * = */
@@ -1110,16 +1112,21 @@ string_is_valid_hostname(const char *string)
   continue;
 }
 
-do {
-  if ((*c >= 'a' && *c <= 'z') ||
-  (*c >= 'A' && *c <= 'Z') ||
-  (*c >= '0' && *c <= '9') ||
-  (*c == '-') || (*c == '_'))
+if (c_sl_idx == c_sl_len - 1) {
+  do {
+result = isalpha(*c);
 c++;
-  else
-result = 0;
-} while (result && *c);
+  } while (result && *c);
+} else {
+  do {
+result = (isalnum(*c) || (*c == '-') || (*c == '_'));
+c++;
+  } while (result > 0 && *c);
+}
 
+if (result == 0) {
+  break;
+}
   } SMARTLIST_FOREACH_END(c);
 
   SMARTLIST_FOREACH_BEGIN(components, char *, c) {
diff --git a/src/test/test_util.c b/src/test/test_util.c
index b67fad58e..2fa03e5bc 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5584,6 +5584,11 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("."));
   tt_assert(!string_is_valid_hostname(".."));
 
+  // IP address strings are not hostnames.
+  tt_assert(!string_is_valid_hostname("8.8.8.8"));
+  tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
+  tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Refrain from including

[nickm]

commit 6335db9fce4275838c7de4bc10e522eb21a21ed8
Author: rl1987 
Date:   Mon Feb 12 21:26:57 2018 +0100

Refrain from including 
---
 src/common/util.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index d8891c6a5..a7eaf5389 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -100,8 +100,6 @@
 #undef MALLOC_ZERO_WORKS
 #endif
 
-#include 
-
 /* =
  * Memory management
  * = */
@@ -1128,12 +1126,12 @@ string_is_valid_hostname(const char *string)
 
 if (c_sl_idx == c_sl_len - 1) {
   do {
-result = isalpha(*c);
+result = TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
 } else {
   do {
-result = (isalnum(*c) || (*c == '-') || (*c == '_'));
+result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
   } while (result > 0 && *c);
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Improve handling of trailing dot

[nickm]

commit 4413e52f9e2e3898f870df481aea93b1ea5fd836
Author: rl1987 
Date:   Mon Feb 12 22:21:10 2018 +0100

Improve handling of trailing dot
---
 src/common/util.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index a7eaf5389..096188cfc 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1106,24 +1106,33 @@ int
 string_is_valid_hostname(const char *string)
 {
   int result = 1;
+  int has_trailing_dot;
+  char *last_label;
   smartlist_t *components;
 
+  if (!string || strlen(string) == 0)
+return 0;
+
   components = smartlist_new();
 
   smartlist_split_string(components,string,".",0,0);
 
+  /* Allow a single terminating '.' used rarely to indicate domains
+   * are FQDNs rather than relative. */
+  last_label = (char *)smartlist_get(components, smartlist_len(components) - 
1);
+  has_trailing_dot = (last_label[0] == '\0');
+  if (has_trailing_dot) {
+smartlist_pop_last(components);
+tor_free(last_label);
+last_label = NULL;
+  }
+
   SMARTLIST_FOREACH_BEGIN(components, char *, c) {
 if ((c[0] == '-') || (*c == '_')) {
   result = 0;
   break;
 }
 
-/* Allow a single terminating '.' used rarely to indicate domains
- * are FQDNs rather than relative. */
-if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
-  continue;
-}
-
 if (c_sl_idx == c_sl_len - 1) {
   do {
 result = TOR_ISALPHA(*c);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.3] Fix bracketed IPv6 string validation

[nickm]

commit b0ba4aa7e98af030e0e1be19a58ab7a6f00fa423
Author: rl1987 
Date:   Mon Feb 12 19:52:47 2018 +0100

Fix bracketed IPv6 string validation
---
 src/common/util.c | 15 ++-
 src/test/test_socks.c |  2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 7c715fb3c..ea0ec3dae 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1079,9 +1079,22 @@ string_is_valid_ipv6_address(const char *string)
 int
 string_is_valid_dest(const char *string)
 {
-  return string_is_valid_ipv4_address(string) ||
+  char *tmp = NULL;
+  int retval;
+
+  tor_assert(string);
+  tor_assert(strlen(string) > 0);
+
+  if (string[0] == '[' && string[strlen(string) - 1] == ']')
+string = tmp = tor_strndup(string + 1, strlen(string) - 2);
+
+  retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||
 string_is_valid_hostname(string);
+
+  tor_free(tmp);
+
+  return retval;
 }
 
 /** Return true iff string matches a pattern of DNS names
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 70509e43e..3f9cc887b 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -355,7 +355,7 @@ test_socks_5_supported_commands(void *ptr)
   ADD_DATA(buf, "[2001:0db8:85a3:::8a2e:0370:7334]");
   ADD_DATA(buf, "\x01\x02");
   tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
-OP_EQ, -1);
+OP_EQ, 1);
 
   tt_str_op("[2001:0db8:85a3:::8a2e:0370:7334]", OP_EQ,
 socks->address);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Simplify hostname validation code

[nickm]

commit ee1fca727cd739ba94c215a4a45a416bfcc8956e
Author: rl1987 
Date:   Mon Feb 19 21:08:51 2018 +0100

Simplify hostname validation code
---
 src/common/util.c | 26 +++---
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index a55f7a3cd..1402462fb 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1113,6 +1113,9 @@ string_is_valid_hostname(const char *string)
   if (!string || strlen(string) == 0)
 return 0;
 
+  if (string_is_valid_ipv4_address(string))
+return 0;
+
   components = smartlist_new();
 
   smartlist_split_string(components,string,".",0,0);
@@ -1134,25 +1137,10 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) { // TLD validation.
-  int is_punycode = (strlen(c) > 4 &&
- (c[0] == 'X' || c[0] == 'x') &&
- (c[1] == 'N' || c[1] == 'n') &&
-  c[2] == '-' && c[3] == '-');
-
-  if (is_punycode)
-c += 4;
-
-  do {
-result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
-c++;
-  } while (result && *c);
-} else { // Regular hostname label validation.
-  do {
-result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
-c++;
-  } while (result > 0 && *c);
-}
+do {
+  result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
+  c++;
+} while (result > 0 && *c);
 
 if (result == 0) {
   break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Don't strlen before checking for NULL

[nickm]

commit 09351c34e9bea4d29fb6f4ac8d40e3bee49e12fc
Author: rl1987 
Date:   Thu Feb 22 19:52:40 2018 +0100

Don't strlen before checking for NULL
---
 src/common/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/util.c b/src/common/util.c
index 497b60be1..5ae4d0408 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1079,7 +1079,7 @@ string_is_valid_dest(const char *string)
 {
   char *tmp = NULL;
   int retval;
-  size_t len = strlen(string);
+  size_t len;
 
   if (string == NULL)
 return 0;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Refrain from including

[nickm]

commit 6335db9fce4275838c7de4bc10e522eb21a21ed8
Author: rl1987 
Date:   Mon Feb 12 21:26:57 2018 +0100

Refrain from including 
---
 src/common/util.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index d8891c6a5..a7eaf5389 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -100,8 +100,6 @@
 #undef MALLOC_ZERO_WORKS
 #endif
 
-#include 
-
 /* =
  * Memory management
  * = */
@@ -1128,12 +1126,12 @@ string_is_valid_hostname(const char *string)
 
 if (c_sl_idx == c_sl_len - 1) {
   do {
-result = isalpha(*c);
+result = TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
 } else {
   do {
-result = (isalnum(*c) || (*c == '-') || (*c == '_'));
+result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
   } while (result > 0 && *c);
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Allow alphanumeric TLDs in test for now

[nickm]

commit d891010fdd4562e29a5a468232cd7b30430d7570
Author: rl1987 
Date:   Tue Feb 20 19:52:48 2018 +0100

Allow alphanumeric TLDs in test for now
---
 src/test/test_util.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/test/test_util.c b/src/test/test_util.c
index ef1f420fe..ee9b16494 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5589,11 +5589,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("[2a00:1450:401b:800::200e]"));
   tt_assert(!string_is_valid_hostname("2a00:1450:401b:800::200e"));
 
-  // Last label of a hostname is required to be alphabetic according to
-  // RFC 1123 Section 2.1.
-  tt_assert(!string_is_valid_hostname("lucky.13"));
-  tt_assert(!string_is_valid_hostname("luck.y13"));
-  tt_assert(!string_is_valid_hostname("luck.y13."));
+  // We allow alphanumeric TLDs. For discussion, see ticket #25055.
+  tt_assert(string_is_valid_hostname("lucky.13"));
+  tt_assert(string_is_valid_hostname("luck.y13"));
+  tt_assert(string_is_valid_hostname("luck.y13."));
 
   // We allow punycode TLDs. For examples, see
   // http://data.iana.org/TLD/tlds-alpha-by-domain.txt



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Call strlen() once

[nickm]

commit 5986589b48de6addf99436df1feeea1362767acb
Author: rl1987 
Date:   Mon Feb 12 21:08:17 2018 +0100

Call strlen() once
---
 src/common/util.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index ea0ec3dae..d8891c6a5 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1081,12 +1081,13 @@ string_is_valid_dest(const char *string)
 {
   char *tmp = NULL;
   int retval;
+  size_t len = strlen(string);
 
   tor_assert(string);
-  tor_assert(strlen(string) > 0);
+  tor_assert(len > 0);
 
-  if (string[0] == '[' && string[strlen(string) - 1] == ']')
-string = tmp = tor_strndup(string + 1, strlen(string) - 2);
+  if (string[0] == '[' && string[len - 1] == ']')
+string = tmp = tor_strndup(string + 1, len - 2);
 
   retval = string_is_valid_ipv4_address(string) ||
 string_is_valid_ipv6_address(string) ||



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Also test bracket-less IPv6 string validation

[nickm]

commit 12afd8bfed96c57cd47b18644c2030673496a74f
Author: rl1987 
Date:   Mon Feb 12 21:16:38 2018 +0100

Also test bracket-less IPv6 string validation
---
 src/test/test_socks.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 3f9cc887b..8da7191e8 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -365,6 +365,23 @@ test_socks_5_supported_commands(void *ptr)
 
   socks_request_clear(socks);
 
+  /* Also allow bracket-less form. */
+
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
+  ADD_DATA(buf, "2001:0db8:85a3:::8a2e:0370:7334");
+  ADD_DATA(buf, "\x01\x02");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
+OP_EQ, 1);
+
+  tt_str_op("2001:0db8:85a3:::8a2e:0370:7334", OP_EQ,
+socks->address);
+  tt_int_op(258, OP_EQ, socks->port);
+
+  tt_int_op(0, OP_EQ, buf_datalen(buf));
+
+  socks_request_clear(socks);
+
   /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03");



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Allow IPv6 address strings to be used as hostnames in SOCKS5 requests

[nickm]

commit 0e453929d21b030832b0c48fceac0c5688657e15
Author: rl1987 
Date:   Sun Feb 11 15:22:41 2018 +0100

Allow IPv6 address strings to be used as hostnames in SOCKS5 requests
---
 src/common/util.c | 11 +++
 src/common/util.h |  1 +
 src/or/proto_socks.c  |  4 ++--
 src/test/test_socks.c |  9 +
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 90204befc..1818b4f19 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1071,6 +1071,17 @@ string_is_valid_ipv6_address(const char *string)
   return (tor_inet_pton(AF_INET6,string,) == 1);
 }
 
+/** Return true iff string is a valid destination address,
+ * i.e. either a DNS hostname or IPv4/IPv6 address string.
+ */
+int
+string_is_valid_dest(const char *string)
+{
+  return string_is_valid_ipv4_address(string) ||
+string_is_valid_ipv6_address(string) ||
+string_is_valid_hostname(string);
+}
+
 /** Return true iff string matches a pattern of DNS names
  * that we allow Tor clients to connect to.
  *
diff --git a/src/common/util.h b/src/common/util.h
index 2ee0ea28c..d6bda8036 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -233,6 +233,7 @@ const char *find_str_at_start_of_line(const char *haystack,
   const char *needle);
 int string_is_C_identifier(const char *string);
 int string_is_key_value(int severity, const char *string);
+int string_is_valid_dest(const char *string);
 int string_is_valid_hostname(const char *string);
 int string_is_valid_ipv4_address(const char *string);
 int string_is_valid_ipv6_address(const char *string);
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 91633d02a..8700fe126 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -393,7 +393,7 @@ parse_socks(const char *data, size_t datalen, 
socks_request_t *req,
   req->port = ntohs(get_uint16(data+5+len));
   *drain_out = 5+len+2;
 
-  if (!string_is_valid_hostname(req->address)) {
+  if (!string_is_valid_dest(req->address)) {
 socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
 
 log_warn(LD_PROTOCOL,
@@ -518,7 +518,7 @@ parse_socks(const char *data, size_t datalen, 
socks_request_t *req,
   log_debug(LD_APP,"socks4: Everything is here. Success.");
   strlcpy(req->address, startaddr ? startaddr : tmpbuf,
   sizeof(req->address));
-  if (!string_is_valid_hostname(req->address)) {
+  if (!string_is_valid_dest(req->address)) {
 log_warn(LD_PROTOCOL,
  "Your application (using socks4 to port %d) gave Tor "
  "a malformed hostname: %s. Rejecting the connection.",
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 9ae7530e2..70509e43e 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -347,17 +347,18 @@ test_socks_5_supported_commands(void *ptr)
 
   socks_request_clear(socks);
 
-  /* SOCKS 5 should NOT reject RESOLVE [F0] reject for IPv6 address
+  /* SOCKS 5 should NOT reject RESOLVE [F0] request for IPv6 address
* string if SafeSocks is enabled. */
 
   ADD_DATA(buf, "\x05\x01\x00");
-  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
-  ADD_DATA(buf, "2001:0db8:85a3:::8a2e:0370:7334");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x29");
+  ADD_DATA(buf, "[2001:0db8:85a3:::8a2e:0370:7334]");
   ADD_DATA(buf, "\x01\x02");
   tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
 OP_EQ, -1);
 
-  tt_str_op("2001:0db8:85a3:::8a2e:0370:7334", OP_EQ, socks->address);
+  tt_str_op("[2001:0db8:85a3:::8a2e:0370:7334]", OP_EQ,
+socks->address);
   tt_int_op(258, OP_EQ, socks->port);
 
   tt_int_op(0, OP_EQ, buf_datalen(buf));



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.3] Validate hostnames with punycode TLDs correctly

[nickm]

commit dbb7c8e6fd757db51226a47a2e14f4fd1aaf60c3
Author: rl1987 
Date:   Sat Feb 17 21:49:02 2018 +0100

Validate hostnames with punycode TLDs correctly
---
 src/common/util.c| 17 +
 src/test/test_util.c |  4 
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 096188cfc..a55f7a3cd 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1119,7 +1119,8 @@ string_is_valid_hostname(const char *string)
 
   /* Allow a single terminating '.' used rarely to indicate domains
* are FQDNs rather than relative. */
-  last_label = (char *)smartlist_get(components, smartlist_len(components) - 
1);
+  last_label = (char *)smartlist_get(components,
+ smartlist_len(components) - 1);
   has_trailing_dot = (last_label[0] == '\0');
   if (has_trailing_dot) {
 smartlist_pop_last(components);
@@ -1133,12 +1134,20 @@ string_is_valid_hostname(const char *string)
   break;
 }
 
-if (c_sl_idx == c_sl_len - 1) {
+if (c_sl_idx == c_sl_len - 1) { // TLD validation.
+  int is_punycode = (strlen(c) > 4 &&
+ (c[0] == 'X' || c[0] == 'x') &&
+ (c[1] == 'N' || c[1] == 'n') &&
+  c[2] == '-' && c[3] == '-');
+
+  if (is_punycode)
+c += 4;
+
   do {
-result = TOR_ISALPHA(*c);
+result = is_punycode ? TOR_ISALNUM(*c) : TOR_ISALPHA(*c);
 c++;
   } while (result && *c);
-} else {
+} else { // Regular hostname label validation.
   do {
 result = (TOR_ISALNUM(*c) || (*c == '-') || (*c == '_'));
 c++;
diff --git a/src/test/test_util.c b/src/test/test_util.c
index db2ea1a34..ef1f420fe 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -5595,6 +5595,10 @@ test_util_hostname_validation(void *arg)
   tt_assert(!string_is_valid_hostname("luck.y13"));
   tt_assert(!string_is_valid_hostname("luck.y13."));
 
+  // We allow punycode TLDs. For examples, see
+  // http://data.iana.org/TLD/tlds-alpha-by-domain.txt
+  tt_assert(string_is_valid_hostname("example.xn--l1acc"));
+
   done:
   return;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits