This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
router_skip_orport_reachability_check router_should_skip_orport_reachability_check \
router_skip_dirport_reachability_check router_should_skip_dirport_reachability_check \
router_connect_assume_or_reachable client_or_conn_should_skip_reachable_address_check \
router_connect_assume_dir_reachable client_dir_conn_should_skip_reachable_address_check
It was generated with --no-verify, so it probably breaks some commit hooks.
The commiter should be sure to fix them up in a subsequent commit.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
check_whether_orport_reachable router_skip_orport_reachability_check \
check_whether_dirport_reachable router_skip_dirport_reachability_check
It was generated with --no-verify, so it probably breaks some commit hooks.
The commiter should be sure to fix them up in a subsequent commit.
Part of 33222.
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().
We fixed that by making sure that an all-zeroes client auth key will not be
used.
There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
clang-format sometimes thinks that "#name" should be written as
"# name" if it appears at the start of a line. Using () appears
to suppress this, while confusing Coccinelle.
When we added the ACTIVE and DORMANT virtual signals, we taught the
signal command to handle them, but we didn't teach SIGNAL event to
report them.
To solve this problem and prevent it from recurring, this patch
revises the implementation of control_event_signal() to use the same
signal_table that handle_control_signal() uses. This way, the two
controller commands can't become out of sync.
Fixes bug 33104; bugfix on 0.4.0.1-alpha.
This function had some XXX comments indicating (correctly) that it
was not actually used by the dirserver code, and that only the
controller still used it.
Simplify handle_control_getinfo() by using the new reply lines
abstraction. Previously, this function explicitly checked for whether
it should generate a MidReplyLine, a DataReplyLine, or an
EndReplyLine. control_write_reply_lines() now abstracts this check.
Part of #30984.
In handle_control_getconf(), use the new control reply line
abstraction to simplify output generation. Previously, this function
explicitly checked for whether it should generate a MidReplyLine or an
EndReplyLine. control_write_reply_lines() now abstracts this check.
Part of #30984.
All of these files contain "*.h", except for:
* src/app/config/.may_include
* src/test/.may_include
which also contain "*.inc".
This change prevents includes of "*.c" files, and other
unusually named files.
Part of 32609.
Because the function that parses client auth credentials saved on
disk (parse_auth_file_content()) is not future compatible, there is no way to
add support for storing the nickname on the disk. Hence, nicknames cannot
persist after Tor restart making them pretty much useless.
In the future we can introduce nicknames by adding a new file format for client
auth credentials, but this was not deemed worth doing at this stage.
- See hs_client_register_auth_credentials() for the entry point.
- Also set the permanent flag for credentials we read from the filesystem.
- Also add some missing documentation.
