[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r13630: add a flag to suppress overwriting the certificates file wit (in tor/trunk: . src/or)



Author: nickm
Date: 2008-02-20 18:20:36 -0500 (Wed, 20 Feb 2008)
New Revision: 13630

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/buffers.c
   tor/trunk/src/or/directory.c
   tor/trunk/src/or/dirvote.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/router.c
   tor/trunk/src/or/routerlist.c
Log:
 r18272@catbus:  nickm | 2008-02-20 18:20:33 -0500
 add a flag to suppress overwriting the certificates file with new certificates, so we do not overwrite all certs when starting as an authority.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r18272] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/ChangeLog	2008-02-20 23:20:36 UTC (rev 13630)
@@ -56,6 +56,8 @@
     - We were comparing the raw BridgePassword entry with a base64'ed
       version of it, when handling a "/tor/networkstatus-bridges"
       directory request. Now compare correctly. Noticed by Veracode.
+    - When starting as an authority, do not overwrite all certificates
+      cached from author authorities.  Bugfix on 0.2.0.x.  Fixes bug 606.
 
   o Code simplifications and refactoring:
     - Remove the tor_strpartition function: its logic was confused,

Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/buffers.c	2008-02-20 23:20:36 UTC (rev 13630)
@@ -13,7 +13,7 @@
  * fairly opaque string holders that can read to or flush from:
  * memory, file descriptors, or TLS connections.
  **/
-
+#define BUFFERS_PRIVATE
 #include "or.h"
 
 //#define PARANOIA
@@ -1075,7 +1075,7 @@
 
 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
  * string <b>s</b> occurs, or -1 if it does not occur. */
-static int
+/*private*/ int
 buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
 {
   buf_pos_t pos;

Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/directory.c	2008-02-20 23:20:36 UTC (rev 13630)
@@ -1533,7 +1533,7 @@
     }
     log_info(LD_DIR,"Received authority certificates (size %d) from server "
              "'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
-    if (trusted_dirs_load_certs_from_string(body, 0)<0) {
+    if (trusted_dirs_load_certs_from_string(body, 0, 1)<0) {
       log_warn(LD_DIR, "Unable to parse fetched certificates");
       connection_dir_download_cert_failed(conn, status_code);
     } else {

Modified: tor/trunk/src/or/dirvote.c
===================================================================
--- tor/trunk/src/or/dirvote.c	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/dirvote.c	2008-02-20 23:20:36 UTC (rev 13630)
@@ -1543,7 +1543,7 @@
     /* Hey, it's a new cert! */
     trusted_dirs_load_certs_from_string(
                                vote->cert->cache_info.signed_descriptor_body,
-                               0 /* from_store */);
+                               0 /* from_store */, 1 /*flush*/);
     if (!authority_cert_get_by_digests(vote->cert->cache_info.identity_digest,
                                        vote->cert->signing_key_digest)) {
       log_warn(LD_BUG, "We added a cert, but still couldn't find it.");

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/or.h	2008-02-20 23:20:36 UTC (rev 13630)
@@ -2471,6 +2471,10 @@
 
 void assert_buf_ok(buf_t *buf);
 
+#ifdef BUFFERS_PRIVATE
+int buf_find_string_offset(const buf_t *buf, const char *s, size_t n);
+#endif
+
 /********************************* circuitbuild.c **********************/
 
 char *circuit_list_path(origin_circuit_t *circ, int verbose);
@@ -3846,7 +3850,8 @@
 
 int get_n_authorities(authority_type_t type);
 int trusted_dirs_reload_certs(void);
-int trusted_dirs_load_certs_from_string(const char *contents, int from_store);
+int trusted_dirs_load_certs_from_string(const char *contents, int from_store,
+                                        int flush);
 void trusted_dirs_flush_certs_to_disk(void);
 authority_cert_t *authority_cert_get_newest_by_id(const char *id_digest);
 authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);

Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/router.c	2008-02-20 23:20:36 UTC (rev 13630)
@@ -587,7 +587,7 @@
   if (cert) { /* add my own cert to the list of known certs */
     log_info(LD_DIR, "adding my own v3 cert");
     if (trusted_dirs_load_certs_from_string(
-          cert->cache_info.signed_descriptor_body, 0)<0) {
+                      cert->cache_info.signed_descriptor_body, 0, 0)<0) {
       log_warn(LD_DIR, "Unable to parse my own v3 cert! Failing.");
       return -1;
     }

Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c	2008-02-20 22:39:26 UTC (rev 13629)
+++ tor/trunk/src/or/routerlist.c	2008-02-20 23:20:36 UTC (rev 13630)
@@ -127,7 +127,7 @@
   tor_free(filename);
   if (!contents)
     return 0;
-  r = trusted_dirs_load_certs_from_string(contents, 1);
+  r = trusted_dirs_load_certs_from_string(contents, 1, 1);
   tor_free(contents);
   return r;
 }
@@ -155,7 +155,8 @@
  * to flush any changed certificates to disk.  Return 0 on success, -1 on
  * failure. */
 int
-trusted_dirs_load_certs_from_string(const char *contents, int from_store)
+trusted_dirs_load_certs_from_string(const char *contents, int from_store,
+                                    int flush)
 {
   trusted_dir_server_t *ds;
   const char *s, *eos;
@@ -215,7 +216,8 @@
       trusted_dir_servers_certs_changed = 1;
   }
 
-  trusted_dirs_flush_certs_to_disk();
+  if (flush)
+    trusted_dirs_flush_certs_to_disk();
 
   networkstatus_note_certs_arrived();
   return 0;