[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r13630: add a flag to suppress overwriting the certificates file wit (in tor/trunk: . src/or)
Author: nickm
Date: 2008-02-20 18:20:36 -0500 (Wed, 20 Feb 2008)
New Revision: 13630
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/buffers.c
tor/trunk/src/or/directory.c
tor/trunk/src/or/dirvote.c
tor/trunk/src/or/or.h
tor/trunk/src/or/router.c
tor/trunk/src/or/routerlist.c
Log:
r18272@catbus: nickm | 2008-02-20 18:20:33 -0500
add a flag to suppress overwriting the certificates file with new certificates, so we do not overwrite all certs when starting as an authority.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r18272] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/ChangeLog 2008-02-20 23:20:36 UTC (rev 13630)
@@ -56,6 +56,8 @@
- We were comparing the raw BridgePassword entry with a base64'ed
version of it, when handling a "/tor/networkstatus-bridges"
directory request. Now compare correctly. Noticed by Veracode.
+ - When starting as an authority, do not overwrite all certificates
+ cached from author authorities. Bugfix on 0.2.0.x. Fixes bug 606.
o Code simplifications and refactoring:
- Remove the tor_strpartition function: its logic was confused,
Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/buffers.c 2008-02-20 23:20:36 UTC (rev 13630)
@@ -13,7 +13,7 @@
* fairly opaque string holders that can read to or flush from:
* memory, file descriptors, or TLS connections.
**/
-
+#define BUFFERS_PRIVATE
#include "or.h"
//#define PARANOIA
@@ -1075,7 +1075,7 @@
/** Return the first position in <b>buf</b> at which the <b>n</b>-character
* string <b>s</b> occurs, or -1 if it does not occur. */
-static int
+/*private*/ int
buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
{
buf_pos_t pos;
Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/directory.c 2008-02-20 23:20:36 UTC (rev 13630)
@@ -1533,7 +1533,7 @@
}
log_info(LD_DIR,"Received authority certificates (size %d) from server "
"'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
- if (trusted_dirs_load_certs_from_string(body, 0)<0) {
+ if (trusted_dirs_load_certs_from_string(body, 0, 1)<0) {
log_warn(LD_DIR, "Unable to parse fetched certificates");
connection_dir_download_cert_failed(conn, status_code);
} else {
Modified: tor/trunk/src/or/dirvote.c
===================================================================
--- tor/trunk/src/or/dirvote.c 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/dirvote.c 2008-02-20 23:20:36 UTC (rev 13630)
@@ -1543,7 +1543,7 @@
/* Hey, it's a new cert! */
trusted_dirs_load_certs_from_string(
vote->cert->cache_info.signed_descriptor_body,
- 0 /* from_store */);
+ 0 /* from_store */, 1 /*flush*/);
if (!authority_cert_get_by_digests(vote->cert->cache_info.identity_digest,
vote->cert->signing_key_digest)) {
log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/or.h 2008-02-20 23:20:36 UTC (rev 13630)
@@ -2471,6 +2471,10 @@
void assert_buf_ok(buf_t *buf);
+#ifdef BUFFERS_PRIVATE
+int buf_find_string_offset(const buf_t *buf, const char *s, size_t n);
+#endif
+
/********************************* circuitbuild.c **********************/
char *circuit_list_path(origin_circuit_t *circ, int verbose);
@@ -3846,7 +3850,8 @@
int get_n_authorities(authority_type_t type);
int trusted_dirs_reload_certs(void);
-int trusted_dirs_load_certs_from_string(const char *contents, int from_store);
+int trusted_dirs_load_certs_from_string(const char *contents, int from_store,
+ int flush);
void trusted_dirs_flush_certs_to_disk(void);
authority_cert_t *authority_cert_get_newest_by_id(const char *id_digest);
authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/router.c 2008-02-20 23:20:36 UTC (rev 13630)
@@ -587,7 +587,7 @@
if (cert) { /* add my own cert to the list of known certs */
log_info(LD_DIR, "adding my own v3 cert");
if (trusted_dirs_load_certs_from_string(
- cert->cache_info.signed_descriptor_body, 0)<0) {
+ cert->cache_info.signed_descriptor_body, 0, 0)<0) {
log_warn(LD_DIR, "Unable to parse my own v3 cert! Failing.");
return -1;
}
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/routerlist.c 2008-02-20 23:20:36 UTC (rev 13630)
@@ -127,7 +127,7 @@
tor_free(filename);
if (!contents)
return 0;
- r = trusted_dirs_load_certs_from_string(contents, 1);
+ r = trusted_dirs_load_certs_from_string(contents, 1, 1);
tor_free(contents);
return r;
}
@@ -155,7 +155,8 @@
* to flush any changed certificates to disk. Return 0 on success, -1 on
* failure. */
int
-trusted_dirs_load_certs_from_string(const char *contents, int from_store)
+trusted_dirs_load_certs_from_string(const char *contents, int from_store,
+ int flush)
{
trusted_dir_server_t *ds;
const char *s, *eos;
@@ -215,7 +216,8 @@
trusted_dir_servers_certs_changed = 1;
}
- trusted_dirs_flush_certs_to_disk();
+ if (flush)
+ trusted_dirs_flush_certs_to_disk();
networkstatus_note_certs_arrived();
return 0;