[tbb-commits] [tor-browser-bundle/hardened-builds] Bug 17801: Remove special tor patches
gk at torproject.org
gk at torproject.org
Thu Dec 10 09:44:54 UTC 2015
commit fe0fbddde4c008ceba36abe826daf75fd63b403d
Author: Georg Koppen <gk at torproject.org>
Date: Thu Dec 10 09:04:42 2015 +0000
Bug 17801: Remove special tor patches
---
gitian/descriptors/linux/gitian-tor.yml | 14 -
gitian/descriptors/mac/gitian-tor.yml | 14 -
gitian/descriptors/windows/gitian-tor.yml | 14 -
gitian/patches/bug15482.patch | 40 --
gitian/patches/bug16430.patch | 93 ----
gitian/patches/bug16674.patch | 74 ---
gitian/patches/bug8402-master.patch | 732 -----------------------------
gitian/patches/bug8405.patch | 84 ----
8 files changed, 1065 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index f31aac9..630c2e0 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -23,11 +23,6 @@ files:
- "openssl-linux64-utils.zip"
- "libevent-linux64-utils.zip"
- "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
- "dzip.sh"
script: |
INSTDIR="$HOME/install"
@@ -73,15 +68,6 @@ script: |
# Building tor
cd tor
git update-index --refresh -q
- export GIT_COMMITTER_NAME="nobody"
- export GIT_COMMITTER_EMAIL="nobody at localhost"
- export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
- if [ ${TOR_TAG::9} == "tor-0.2.6" ];
- then
- git am ~/build/bug15482.patch
- git am ~/build/bug16430.patch
- git am ~/build/bug16674.patch
- fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
./autogen.sh
diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml
index 857b5de..a6824c0 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -15,11 +15,6 @@ remotes:
"dir": "tor"
files:
- "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
- "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
- "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
- "dzip.sh"
@@ -54,15 +49,6 @@ script: |
export LDFLAGS="-m64 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -mmacosx-version-min=10.5"
cd tor
git update-index --refresh -q
- export GIT_COMMITTER_NAME="nobody"
- export GIT_COMMITTER_EMAIL="nobody at localhost"
- export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
- if [ ${TOR_TAG::9} == "tor-0.2.6" ];
- then
- git am ~/build/bug15482.patch
- git am ~/build/bug16430.patch
- git am ~/build/bug16674.patch
- fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
./autogen.sh
diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml
index 601dc4e..63b527a 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -15,11 +15,6 @@ remotes:
"dir": "tor"
files:
- "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
- "binutils.tar.bz2"
- "dzip.sh"
- "mingw-w64-win32-utils.zip"
@@ -54,15 +49,6 @@ script: |
# Building tor
cd tor
git update-index --refresh -q
- export GIT_COMMITTER_NAME="nobody"
- export GIT_COMMITTER_EMAIL="nobody at localhost"
- export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
- if [ ${TOR_TAG::9} == "tor-0.2.6" ];
- then
- git am ~/build/bug15482.patch
- git am ~/build/bug16430.patch
- git am ~/build/bug16674.patch
- fi
mkdir -p $OUTDIR/src
#git archive HEAD | tar -x -C $OUTDIR/src
# We are building normal bundles without the console popping up and expert
diff --git a/gitian/patches/bug15482.patch b/gitian/patches/bug15482.patch
deleted file mode 100644
index df8a156..0000000
--- a/gitian/patches/bug15482.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 748414784f71126b093aa7466908e00f71a7b046 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Fri, 27 Mar 2015 12:57:37 -0700
-Subject: [PATCH] Bug 15482: Don't abandon circuits that are still in use for
- browsing.
-
-Only applies to connections with SOCKS auth set, so that non-web Tor
-activity is not affected.
-
-Simpler version of Nick's patch because the randomness worried me, and I'm not
-otherwise sure why we want a max here.
----
- src/or/circuituse.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/or/circuituse.c b/src/or/circuituse.c
-index d0d31ad..6cce4bf 100644
---- a/src/or/circuituse.c
-+++ b/src/or/circuituse.c
-@@ -2264,8 +2264,15 @@ connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn,
-
- base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
-
-- if (!circ->base_.timestamp_dirty)
-- circ->base_.timestamp_dirty = time(NULL);
-+ if (!circ->base_.timestamp_dirty) {
-+ circ->base_.timestamp_dirty = approx_time();
-+ } else if ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
-+ (conn->socks_request->usernamelen ||
-+ conn->socks_request->passwordlen)) {
-+ /* When stream isolation is in use and controlled by an application
-+ * we are willing to keep using the stream. */
-+ circ->base_.timestamp_dirty = approx_time();
-+ }
-
- pathbias_count_use_attempt(circ);
-
---
-1.9.1
-
diff --git a/gitian/patches/bug16430.patch b/gitian/patches/bug16430.patch
deleted file mode 100644
index 81bbe3e..0000000
--- a/gitian/patches/bug16430.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 3f336966a264d7cd7c6dab08fb85d85273f06d68 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Wed, 24 Jun 2015 13:52:29 +0000
-Subject: [PATCH] Work around nytimes.com's broken hostnames in our SOCKS
- checks.
-
-RFC 952 is approximately 30 years old, and people are failing to comply,
-by serving A records with '_' as part of the hostname. Since relaxing
-the check is a QOL improvement for our userbase, relax the check to
-allow such abominations as destinations, especially since there are
-likely to be other similarly misconfigured domains out there.
----
- changes/bug16430 | 4 ++++
- src/common/util.c | 7 +++++--
- src/test/test_util.c | 9 +++++++--
- 3 files changed, 16 insertions(+), 4 deletions(-)
- create mode 100644 changes/bug16430
-
-diff --git a/changes/bug16430 b/changes/bug16430
-new file mode 100644
-index 0000000..ca7b874
---- /dev/null
-+++ b/changes/bug16430
-@@ -0,0 +1,4 @@
-+ o Minor features (client):
-+ - Relax the validation done to hostnames in SOCKS5 requests, and allow
-+ '_' to cope with domains observed in the wild that are serving non-RFC
-+ compliant records. Resolves ticket 16430.
-diff --git a/src/common/util.c b/src/common/util.c
-index 942d0c2..4490150 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1036,6 +1036,9 @@ string_is_valid_ipv6_address(const char *string)
-
- /** Return true iff <b>string</b> matches a pattern of DNS names
- * that we allow Tor clients to connect to.
-+ *
-+ * Note: This allows certain technically invalid characters ('_') to cope
-+ * with misconfigured zones that have been encountered in the wild.
- */
- int
- string_is_valid_hostname(const char *string)
-@@ -1048,7 +1051,7 @@ string_is_valid_hostname(const char *string)
- smartlist_split_string(components,string,".",0,0);
-
- SMARTLIST_FOREACH_BEGIN(components, char *, c) {
-- if (c[0] == '-') {
-+ if ((c[0] == '-') || (*c == '_')) {
- result = 0;
- break;
- }
-@@ -1057,7 +1060,7 @@ string_is_valid_hostname(const char *string)
- if ((*c >= 'a' && *c <= 'z') ||
- (*c >= 'A' && *c <= 'Z') ||
- (*c >= '0' && *c <= '9') ||
-- (*c == '-'))
-+ (*c == '-') || (*c == '_'))
- c++;
- else
- result = 0;
-diff --git a/src/test/test_util.c b/src/test/test_util.c
-index b0366db..0f64c26 100644
---- a/src/test/test_util.c
-+++ b/src/test/test_util.c
-@@ -4268,18 +4268,23 @@ test_util_hostname_validation(void *arg)
- tt_assert(string_is_valid_hostname("stanford.edu"));
- tt_assert(string_is_valid_hostname("multiple-words-with-hypens.jp"));
-
-- // Subdomain name cannot start with '-'.
-+ // Subdomain name cannot start with '-' or '_'.
- tt_assert(!string_is_valid_hostname("-torproject.org"));
- tt_assert(!string_is_valid_hostname("subdomain.-domain.org"));
- tt_assert(!string_is_valid_hostname("-subdomain.domain.org"));
-+ tt_assert(!string_is_valid_hostname("___abc.org"));
-
- // Hostnames cannot contain non-alphanumeric characters.
- tt_assert(!string_is_valid_hostname("%%domain.\\org."));
- tt_assert(!string_is_valid_hostname("***x.net"));
-- tt_assert(!string_is_valid_hostname("___abc.org"));
- tt_assert(!string_is_valid_hostname("\xff\xffxyz.org"));
- tt_assert(!string_is_valid_hostname("word1 word2.net"));
-
-+ // Test workaround for nytimes.com stupidity, technically invalid,
-+ // but we allow it since they are big, even though they are failing to
-+ // comply with a ~30 year old standard.
-+ tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
-+
- // XXX: do we allow single-label DNS names?
-
- done:
---
-1.9.1
-
diff --git a/gitian/patches/bug16674.patch b/gitian/patches/bug16674.patch
deleted file mode 100644
index 9497684..0000000
--- a/gitian/patches/bug16674.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From da6aa7bfa5014b980a93b38024d16b32720dc67a Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Mon, 27 Jul 2015 12:58:40 +0000
-Subject: [PATCH] Allow a single trailing `.` when validating FQDNs from SOCKS.
-
-URI syntax (and DNS syntax) allows for a single trailing `.` to
-explicitly distinguish between a relative and absolute
-(fully-qualified) domain name. While this is redundant in that RFC 1928
-DOMAINNAME addresses are *always* fully-qualified, certain clients
-blindly pass the trailing `.` along in the request.
-
-Fixes bug 16674; bugfix on 0.2.6.2-alpha.
----
- changes/bug16674 | 5 +++++
- src/common/util.c | 6 ++++++
- src/test/test_util.c | 12 ++++++++++++
- 3 files changed, 23 insertions(+)
- create mode 100644 changes/bug16674
-
-diff --git a/changes/bug16674 b/changes/bug16674
-new file mode 100644
-index 0000000..de55523
---- /dev/null
-+++ b/changes/bug16674
-@@ -0,0 +1,5 @@
-+ o Minor features (client):
-+ - Relax the validation done to hostnames in SOCKS5 requests, and allow
-+ a single trailing '.' to cope with clients that pass FQDNs using that
-+ syntax to explicitly indicate that the domain name is
-+ fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
-diff --git a/src/common/util.c b/src/common/util.c
-index 618e6a1..1aac4fc 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1056,6 +1056,12 @@ string_is_valid_hostname(const char *string)
- break;
- }
-
-+ /* Allow a single terminating '.' used rarely to indicate domains
-+ * are FQDNs rather than relative. */
-+ if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
-+ continue;
-+ }
-+
- do {
- if ((*c >= 'a' && *c <= 'z') ||
- (*c >= 'A' && *c <= 'Z') ||
-diff --git a/src/test/test_util.c b/src/test/test_util.c
-index 0f64c26..2bffb17 100644
---- a/src/test/test_util.c
-+++ b/src/test/test_util.c
-@@ -4285,7 +4285,19 @@ test_util_hostname_validation(void *arg)
- // comply with a ~30 year old standard.
- tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
-
-+ // Firefox passes FQDNs with trailing '.'s directly to the SOCKS proxy,
-+ // which is redundant since the spec states DOMAINNAME addresses are fully
-+ // qualified. While unusual, this should be tollerated.
-+ tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
-+ tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
-+ tt_assert(!string_is_valid_hostname("so.is..ft.com"));
-+ tt_assert(!string_is_valid_hostname("..."));
-+
- // XXX: do we allow single-label DNS names?
-+ // We shouldn't for SOCKS (spec says "contains a fully-qualified domain name"
-+ // but only test pathologically malformed traling '.' cases for now.
-+ tt_assert(!string_is_valid_hostname("."));
-+ tt_assert(!string_is_valid_hostname(".."));
-
- done:
- return;
---
-1.9.1
-
diff --git a/gitian/patches/bug8402-master.patch b/gitian/patches/bug8402-master.patch
deleted file mode 100644
index 5a6386a..0000000
--- a/gitian/patches/bug8402-master.patch
+++ /dev/null
@@ -1,732 +0,0 @@
-From 9d7410ac5837658efa9b2d7d85c0c71f09a7a759 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Tue, 25 Mar 2014 07:21:22 +0000
-Subject: [PATCH 1/5] Allow ClientTransportPlugins to use proxies
-
-This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
-ClientTransportPlugins via the TOR_PT_PROXY extension to the
-pluggable transport specification.
-
-This fixes bug #8402.
----
- src/or/config.c | 13 ++++--
- src/or/connection.c | 62 +++++++++++++++++++++--------
- src/or/transports.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++--
- src/or/transports.h | 6 +++
- src/test/test_pt.c | 81 +++++++++++++++++++++++++++++++++++++
- 5 files changed, 251 insertions(+), 23 deletions(-)
-
-diff --git a/src/or/config.c b/src/or/config.c
-index 0f7b1d2..b33098e 100644
---- a/src/or/config.c
-+++ b/src/or/config.c
-@@ -3174,11 +3174,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
- }
- }
-
-- /* Check if more than one proxy type has been enabled. */
-+ /* Check if more than one exclusive proxy type has been enabled. */
- if (!!options->Socks4Proxy + !!options->Socks5Proxy +
-- !!options->HTTPSProxy + !!options->ClientTransportPlugin > 1)
-+ !!options->HTTPSProxy > 1)
- REJECT("You have configured more than one proxy type. "
-- "(Socks4Proxy|Socks5Proxy|HTTPSProxy|ClientTransportPlugin)");
-+ "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
-
- /* Check if the proxies will give surprising behavior. */
- if (options->HTTPProxy && !(options->Socks4Proxy ||
-@@ -4842,6 +4842,13 @@ parse_client_transport_line(const or_options_t *options,
- pt_kickstart_client_proxy(transport_list, proxy_argv);
- }
- } else { /* external */
-+ /* ClientTransportPlugins connecting through a proxy is managed only. */
-+ if (options->Socks4Proxy || options->Socks5Proxy || options->HTTPSProxy) {
-+ log_warn(LD_CONFIG, "You have configured an external proxy with another "
-+ "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy)");
-+ goto err;
-+ }
-+
- if (smartlist_len(transport_list) != 1) {
- log_warn(LD_CONFIG, "You can't have an external proxy with "
- "more than one transports.");
-diff --git a/src/or/connection.c b/src/or/connection.c
-index cef9172..b32cddf 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -86,6 +86,8 @@ static int connection_read_https_proxy_response(connection_t *conn);
- static void connection_send_socks5_connect(connection_t *conn);
- static const char *proxy_type_to_string(int proxy_type);
- static int get_proxy_type(void);
-+static int get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port,
-+ int *proxy_type, const connection_t *conn);
-
- /** The last addresses that our network interface seemed to have been
- * binding to. We use this as one way to detect when our IP changes.
-@@ -1689,14 +1691,14 @@ get_proxy_type(void)
- {
- const or_options_t *options = get_options();
-
-- if (options->HTTPSProxy)
-+ if (options->ClientTransportPlugin)
-+ return PROXY_PLUGGABLE;
-+ else if (options->HTTPSProxy)
- return PROXY_CONNECT;
- else if (options->Socks4Proxy)
- return PROXY_SOCKS4;
- else if (options->Socks5Proxy)
- return PROXY_SOCKS5;
-- else if (options->ClientTransportPlugin)
-- return PROXY_PLUGGABLE;
- else
- return PROXY_NONE;
- }
-@@ -4771,6 +4773,35 @@ assert_connection_ok(connection_t *conn, time_t now)
- }
-
- /** Fills <b>addr</b> and <b>port</b> with the details of the global
-+ * pluggable transport or bridge we are using.
-+ * <b>conn</b> contains the connection we are using the PT/bridge for.
-+ *
-+ * Return 0 on success, -1 on failure.
-+ */
-+static int
-+get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-+ const connection_t *conn)
-+{
-+ const or_options_t *options = get_options();
-+
-+ if (options->ClientTransportPlugin || options->Bridges) {
-+ const transport_t *transport = NULL;
-+ int r;
-+ r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-+ if (r<0)
-+ return -1;
-+ if (transport) { /* transport found */
-+ tor_addr_copy(addr, &transport->addr);
-+ *port = transport->port;
-+ *proxy_type = transport->socks_version;
-+ return 0;
-+ }
-+ }
-+
-+ return -1;
-+}
-+
-+/** Fills <b>addr</b> and <b>port</b> with the details of the global
- * proxy server we are using.
- * <b>conn</b> contains the connection we are using the proxy for.
- *
-@@ -4782,6 +4813,16 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
- {
- const or_options_t *options = get_options();
-
-+ /* Client Transport Plugins can use another proxy, but that should be hidden
-+ * from the rest of tor (as the plugin is responsible for dealing with the
-+ * proxy), check it first, then check the rest of the proxy types to allow
-+ * the config to have unused ClientTransportPlugin entries.
-+ */
-+ if (options->ClientTransportPlugin) {
-+ if (get_bridge_pt_addrport(addr, port, proxy_type, conn) == 0)
-+ return 0;
-+ }
-+
- if (options->HTTPSProxy) {
- tor_addr_copy(addr, &options->HTTPSProxyAddr);
- *port = options->HTTPSProxyPort;
-@@ -4797,19 +4838,8 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
- *port = options->Socks5ProxyPort;
- *proxy_type = PROXY_SOCKS5;
- return 0;
-- } else if (options->ClientTransportPlugin ||
-- options->Bridges) {
-- const transport_t *transport = NULL;
-- int r;
-- r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-- if (r<0)
-- return -1;
-- if (transport) { /* transport found */
-- tor_addr_copy(addr, &transport->addr);
-- *port = transport->port;
-- *proxy_type = transport->socks_version;
-- return 0;
-- }
-+ } else if (options->Bridges) {
-+ return get_bridge_pt_addrport(addr, port, proxy_type, conn);
- }
-
- tor_addr_make_unspec(addr);
-diff --git a/src/or/transports.c b/src/or/transports.c
-index dc30754..b810315 100644
---- a/src/or/transports.c
-+++ b/src/or/transports.c
-@@ -124,6 +124,8 @@ static INLINE void free_execve_args(char **arg);
- #define PROTO_SMETHOD_ERROR "SMETHOD-ERROR"
- #define PROTO_CMETHODS_DONE "CMETHODS DONE"
- #define PROTO_SMETHODS_DONE "SMETHODS DONE"
-+#define PROTO_PROXY_DONE "PROXY DONE"
-+#define PROTO_PROXY_ERROR "PROXY-ERROR"
-
- /** The first and only supported - at the moment - configuration
- protocol version. */
-@@ -439,6 +441,17 @@ add_transport_to_proxy(const char *transport, managed_proxy_t *mp)
- static int
- proxy_needs_restart(const managed_proxy_t *mp)
- {
-+ int ret = 1;
-+ char* proxy_uri;
-+
-+ /* If the PT proxy config has changed, then all existing pluggable transports
-+ * should be restarted.
-+ */
-+
-+ proxy_uri = get_pt_proxy_uri();
-+ if (strcmp_opt(proxy_uri, mp->proxy_uri) != 0)
-+ goto needs_restart;
-+
- /* mp->transport_to_launch is populated with the names of the
- transports that must be launched *after* the SIGHUP.
- mp->transports is populated with the transports that were
-@@ -459,10 +472,10 @@ proxy_needs_restart(const managed_proxy_t *mp)
-
- } SMARTLIST_FOREACH_END(t);
-
-- return 0;
--
-- needs_restart:
-- return 1;
-+ ret = 0;
-+needs_restart:
-+ tor_free(proxy_uri);
-+ return ret;
- }
-
- /** Managed proxy <b>mp</b> must be restarted. Do all the necessary
-@@ -493,6 +506,11 @@ proxy_prepare_for_restart(managed_proxy_t *mp)
- SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t));
- smartlist_clear(mp->transports);
-
-+ /* Reset the proxy's HTTPS/SOCKS proxy */
-+ tor_free(mp->proxy_uri);
-+ mp->proxy_uri = get_pt_proxy_uri();
-+ mp->proxy_supported = 0;
-+
- /* flag it as an infant proxy so that it gets launched on next tick */
- mp->conf_state = PT_PROTO_INFANT;
- unconfigured_proxies_n++;
-@@ -727,12 +745,52 @@ managed_proxy_destroy(managed_proxy_t *mp,
- /* free the argv */
- free_execve_args(mp->argv);
-
-+ /* free the outgoing proxy URI */
-+ tor_free(mp->proxy_uri);
-+
- tor_process_handle_destroy(mp->process_handle, also_terminate_process);
- mp->process_handle = NULL;
-
- tor_free(mp);
- }
-
-+/** Convert the tor proxy options to a URI suitable for TOR_PT_PROXY. */
-+STATIC char *
-+get_pt_proxy_uri(void)
-+{
-+ const or_options_t *options = get_options();
-+ char *uri = NULL;
-+
-+ if (options->Socks4Proxy || options->Socks5Proxy || options->HTTPSProxy) {
-+ char addr[TOR_ADDR_BUF_LEN+1];
-+
-+ if (options->Socks4Proxy) {
-+ tor_addr_to_str(addr, &options->Socks4ProxyAddr, sizeof(addr), 1);
-+ tor_asprintf(&uri, "socks4a://%s:%d", addr, options->Socks4ProxyPort);
-+ } else if (options->Socks5Proxy) {
-+ tor_addr_to_str(addr, &options->Socks5ProxyAddr, sizeof(addr), 1);
-+ if (!options->Socks5ProxyUsername && !options->Socks5ProxyPassword) {
-+ tor_asprintf(&uri, "socks5://%s:%d", addr, options->Socks5ProxyPort);
-+ } else {
-+ tor_asprintf(&uri, "socks5://%s:%s@%s:%d",
-+ options->Socks5ProxyUsername,
-+ options->Socks5ProxyPassword,
-+ addr, options->Socks5ProxyPort);
-+ }
-+ } else if (options->HTTPSProxy) {
-+ tor_addr_to_str(addr, &options->HTTPSProxyAddr, sizeof(addr), 1);
-+ if (!options->HTTPSProxyAuthenticator) {
-+ tor_asprintf(&uri, "http://%s:%d", addr, options->HTTPSProxyPort);
-+ } else {
-+ tor_asprintf(&uri, "http://%s@%s:%d", options->HTTPSProxyAuthenticator,
-+ addr, options->HTTPSProxyPort);
-+ }
-+ }
-+ }
-+
-+ return uri;
-+}
-+
- /** Handle a configured or broken managed proxy <b>mp</b>. */
- static void
- handle_finished_proxy(managed_proxy_t *mp)
-@@ -745,6 +803,12 @@ handle_finished_proxy(managed_proxy_t *mp)
- managed_proxy_destroy(mp, 0); /* destroy it but don't terminate */
- break;
- case PT_PROTO_CONFIGURED: /* if configured correctly: */
-+ if (mp->proxy_uri && !mp->proxy_supported) {
-+ log_warn(LD_CONFIG, "Managed proxy '%s' did not configure the "
-+ "specified outgoing proxy.", mp->argv[0]);
-+ managed_proxy_destroy(mp, 1); /* annihilate it. */
-+ break;
-+ }
- register_proxy(mp); /* register its transports */
- mp->conf_state = PT_PROTO_COMPLETED; /* and mark it as completed. */
- break;
-@@ -862,6 +926,22 @@ handle_proxy_line(const char *line, managed_proxy_t *mp)
- goto err;
-
- return;
-+ } else if (!strcmpstart(line, PROTO_PROXY_DONE)) {
-+ if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
-+ goto err;
-+
-+ if (mp->proxy_uri) {
-+ mp->proxy_supported = 1;
-+ return;
-+ }
-+
-+ /* No proxy was configured, this should log */
-+ } else if (!strcmpstart(line, PROTO_PROXY_ERROR)) {
-+ if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
-+ goto err;
-+
-+ parse_proxy_error(line);
-+ goto err;
- } else if (!strcmpstart(line, SPAWN_ERROR_MESSAGE)) {
- /* managed proxy launch failed: parse error message to learn why. */
- int retval, child_state, saved_errno;
-@@ -1128,6 +1208,21 @@ parse_cmethod_line(const char *line, managed_proxy_t *mp)
- return r;
- }
-
-+/** Parses an PROXY-ERROR <b>line</b> and warns the user accordingly. */
-+STATIC void
-+parse_proxy_error(const char *line)
-+{
-+ /* (Length of the protocol string) plus (a space) and (the first char of
-+ the error message) */
-+ if (strlen(line) < (strlen(PROTO_PROXY_ERROR) + 2))
-+ log_notice(LD_CONFIG, "Managed proxy sent us an %s without an error "
-+ "message.", PROTO_PROXY_ERROR);
-+
-+ log_warn(LD_CONFIG, "Managed proxy failed to configure the "
-+ "pluggable transport's outgoing proxy. (%s)",
-+ line+strlen(PROTO_PROXY_ERROR)+1);
-+}
-+
- /** Return a newly allocated string that tor should place in
- * TOR_PT_SERVER_TRANSPORT_OPTIONS while configuring the server
- * manged proxy in <b>mp</b>. Return NULL if no such options are found. */
-@@ -1292,6 +1387,14 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
- } else {
- smartlist_add_asprintf(envs, "TOR_PT_EXTENDED_SERVER_PORT=");
- }
-+ } else {
-+ /* If ClientTransportPlugin has a HTTPS/SOCKS proxy configured, set the
-+ * TOR_PT_PROXY line.
-+ */
-+
-+ if (mp->proxy_uri) {
-+ smartlist_add_asprintf(envs, "TOR_PT_PROXY=%s", mp->proxy_uri);
-+ }
- }
-
- SMARTLIST_FOREACH_BEGIN(envs, const char *, env_var) {
-@@ -1324,6 +1427,7 @@ managed_proxy_create(const smartlist_t *transport_list,
- mp->is_server = is_server;
- mp->argv = proxy_argv;
- mp->transports = smartlist_new();
-+ mp->proxy_uri = get_pt_proxy_uri();
-
- mp->transports_to_launch = smartlist_new();
- SMARTLIST_FOREACH(transport_list, const char *, transport,
-diff --git a/src/or/transports.h b/src/or/transports.h
-index 1365ead..bc2331d 100644
---- a/src/or/transports.h
-+++ b/src/or/transports.h
-@@ -81,6 +81,9 @@ typedef struct {
- char **argv; /* the cli arguments of this proxy */
- int conf_protocol; /* the configuration protocol version used */
-
-+ char *proxy_uri; /* the outgoing proxy in TOR_PT_PROXY URI format */
-+ int proxy_supported : 1; /* the proxy claims to honor TOR_PT_PROXY */
-+
- int is_server; /* is it a server proxy? */
-
- /* A pointer to the process handle of this managed proxy. */
-@@ -112,6 +115,7 @@ STATIC int parse_smethod_line(const char *line, managed_proxy_t *mp);
-
- STATIC int parse_version(const char *line, managed_proxy_t *mp);
- STATIC void parse_env_error(const char *line);
-+STATIC void parse_proxy_error(const char *line);
- STATIC void handle_proxy_line(const char *line, managed_proxy_t *mp);
- STATIC char *get_transport_options_for_server_proxy(const managed_proxy_t *mp);
-
-@@ -123,6 +127,8 @@ STATIC managed_proxy_t *managed_proxy_create(const smartlist_t *transport_list,
-
- STATIC int configure_proxy(managed_proxy_t *mp);
-
-+STATIC char* get_pt_proxy_uri(void);
-+
- #endif
-
- #endif
-diff --git a/src/test/test_pt.c b/src/test/test_pt.c
-index f71627d..788d420 100644
---- a/src/test/test_pt.c
-+++ b/src/test/test_pt.c
-@@ -450,6 +450,85 @@ test_pt_configure_proxy(void *arg)
- tor_free(mp);
- }
-
-+/* Test the get_pt_proxy_uri() function. */
-+static void
-+test_get_pt_proxy_uri(void *arg)
-+{
-+ or_options_t *options = get_options_mutable();
-+ char *uri = NULL;
-+ int ret;
-+ (void) arg;
-+
-+ /* Test with no proxy. */
-+ uri = get_pt_proxy_uri();
-+ tt_assert(uri == NULL);
-+
-+ /* Test with a SOCKS4 proxy. */
-+ options->Socks4Proxy = "192.0.2.1:1080";
-+ ret = tor_addr_port_lookup(options->Socks4Proxy,
-+ &options->Socks4ProxyAddr,
-+ &options->Socks4ProxyPort);
-+ tt_assert(ret == 0);
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "socks4a://192.0.2.1:1080");
-+ tor_free(uri);
-+
-+ options->Socks4Proxy = NULL;
-+
-+ /* Test with a SOCKS5 proxy, no username/password. */
-+ options->Socks5Proxy = "192.0.2.1:1080";
-+ ret = tor_addr_port_lookup(options->Socks5Proxy,
-+ &options->Socks5ProxyAddr,
-+ &options->Socks5ProxyPort);
-+ tt_assert(ret == 0);
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "socks5://192.0.2.1:1080");
-+ tor_free(uri);
-+
-+ /* Test with a SOCKS5 proxy, with username/password. */
-+ options->Socks5ProxyUsername = "hwest";
-+ options->Socks5ProxyPassword = "r34n1m470r";
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "socks5://hwest:r34n1m470r at 192.0.2.1:1080");
-+ tor_free(uri);
-+
-+ options->Socks5Proxy = NULL;
-+
-+ /* Test with a HTTPS proxy, no authenticator. */
-+ options->HTTPSProxy = "192.0.2.1:80";
-+ ret = tor_addr_port_lookup(options->HTTPSProxy,
-+ &options->HTTPSProxyAddr,
-+ &options->HTTPSProxyPort);
-+ tt_assert(ret == 0);
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "http://192.0.2.1:80");
-+ tor_free(uri);
-+
-+ /* Test with a HTTPS proxy, with authenticator. */
-+ options->HTTPSProxyAuthenticator = "hwest:r34n1m470r";
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "http://hwest:r34n1m470r@192.0.2.1:80");
-+ tor_free(uri);
-+
-+ options->HTTPSProxy = NULL;
-+
-+ /* Token nod to the fact that IPv6 exists. */
-+ options->Socks4Proxy = "[2001:db8::1]:1080";
-+ ret = tor_addr_port_lookup(options->Socks4Proxy,
-+ &options->Socks4ProxyAddr,
-+ &options->Socks4ProxyPort);
-+ tt_assert(ret == 0);
-+ uri = get_pt_proxy_uri();
-+ tt_str_op(uri, ==, "socks4a://[2001:db8::1]:1080");
-+ tor_free(uri);
-+
-+
-+ done:
-+ if (uri)
-+ tor_free(uri);
-+}
-+
-+
- #define PT_LEGACY(name) \
- { #name, legacy_test_helper, 0, &legacy_setup, test_pt_ ## name }
-
-@@ -462,6 +541,8 @@ struct testcase_t pt_tests[] = {
- NULL, NULL },
- { "configure_proxy",test_pt_configure_proxy, TT_FORK,
- NULL, NULL },
-+ { "get_pt_proxy_uri", test_get_pt_proxy_uri, TT_FORK,
-+ NULL, NULL },
- END_OF_TESTCASES
- };
-
---
-2.0.0.rc2
-
-
-From 92eecbfee128b22b07bcc97ac36ecdd5183c2da7 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Mon, 14 Apr 2014 21:51:34 +0000
-Subject: [PATCH 2/5] Fixed the test build with --enable-gcc-warnings
-
----
- src/test/test_pt.c | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/src/test/test_pt.c b/src/test/test_pt.c
-index 788d420..cfbd084 100644
---- a/src/test/test_pt.c
-+++ b/src/test/test_pt.c
-@@ -464,7 +464,7 @@ test_get_pt_proxy_uri(void *arg)
- tt_assert(uri == NULL);
-
- /* Test with a SOCKS4 proxy. */
-- options->Socks4Proxy = "192.0.2.1:1080";
-+ options->Socks4Proxy = tor_strdup("192.0.2.1:1080");
- ret = tor_addr_port_lookup(options->Socks4Proxy,
- &options->Socks4ProxyAddr,
- &options->Socks4ProxyPort);
-@@ -472,11 +472,10 @@ test_get_pt_proxy_uri(void *arg)
- uri = get_pt_proxy_uri();
- tt_str_op(uri, ==, "socks4a://192.0.2.1:1080");
- tor_free(uri);
--
-- options->Socks4Proxy = NULL;
-+ tor_free(options->Socks4Proxy);
-
- /* Test with a SOCKS5 proxy, no username/password. */
-- options->Socks5Proxy = "192.0.2.1:1080";
-+ options->Socks5Proxy = tor_strdup("192.0.2.1:1080");
- ret = tor_addr_port_lookup(options->Socks5Proxy,
- &options->Socks5ProxyAddr,
- &options->Socks5ProxyPort);
-@@ -486,16 +485,17 @@ test_get_pt_proxy_uri(void *arg)
- tor_free(uri);
-
- /* Test with a SOCKS5 proxy, with username/password. */
-- options->Socks5ProxyUsername = "hwest";
-- options->Socks5ProxyPassword = "r34n1m470r";
-+ options->Socks5ProxyUsername = tor_strdup("hwest");
-+ options->Socks5ProxyPassword = tor_strdup("r34n1m470r");
- uri = get_pt_proxy_uri();
- tt_str_op(uri, ==, "socks5://hwest:r34n1m470r at 192.0.2.1:1080");
- tor_free(uri);
--
-- options->Socks5Proxy = NULL;
-+ tor_free(options->Socks5Proxy);
-+ tor_free(options->Socks5ProxyUsername);
-+ tor_free(options->Socks5ProxyPassword);
-
- /* Test with a HTTPS proxy, no authenticator. */
-- options->HTTPSProxy = "192.0.2.1:80";
-+ options->HTTPSProxy = tor_strdup("192.0.2.1:80");
- ret = tor_addr_port_lookup(options->HTTPSProxy,
- &options->HTTPSProxyAddr,
- &options->HTTPSProxyPort);
-@@ -505,15 +505,15 @@ test_get_pt_proxy_uri(void *arg)
- tor_free(uri);
-
- /* Test with a HTTPS proxy, with authenticator. */
-- options->HTTPSProxyAuthenticator = "hwest:r34n1m470r";
-+ options->HTTPSProxyAuthenticator = tor_strdup("hwest:r34n1m470r");
- uri = get_pt_proxy_uri();
- tt_str_op(uri, ==, "http://hwest:r34n1m470r@192.0.2.1:80");
- tor_free(uri);
--
-- options->HTTPSProxy = NULL;
-+ tor_free(options->HTTPSProxy);
-+ tor_free(options->HTTPSProxyAuthenticator);
-
- /* Token nod to the fact that IPv6 exists. */
-- options->Socks4Proxy = "[2001:db8::1]:1080";
-+ options->Socks4Proxy = tor_strdup("[2001:db8::1]:1080");
- ret = tor_addr_port_lookup(options->Socks4Proxy,
- &options->Socks4ProxyAddr,
- &options->Socks4ProxyPort);
-@@ -521,7 +521,7 @@ test_get_pt_proxy_uri(void *arg)
- uri = get_pt_proxy_uri();
- tt_str_op(uri, ==, "socks4a://[2001:db8::1]:1080");
- tor_free(uri);
--
-+ tor_free(options->Socks4Proxy);
-
- done:
- if (uri)
---
-2.0.0.rc2
-
-
-From 8361223c10eb929b570e72853a5d9e51b67fd6c3 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 03:30:09 +0000
-Subject: [PATCH 3/5] Remove get_bridge_pt_addrport().
-
-The code was not disambiguating ClientTransportPlugin configured and
-not used, and ClientTransportPlugin configured, but in a failed state.
-
-The right thing to do is to undo moving the get_transport_by_addrport()
-call back into get_proxy_addrport(), and remove and explicit check for
-using a Bridge since by the time the check is made, if a Bridge is
-being used, it is PT/proxy-less.
----
- src/or/connection.c | 46 ++++++++++++----------------------------------
- 1 file changed, 12 insertions(+), 34 deletions(-)
-
-diff --git a/src/or/connection.c b/src/or/connection.c
-index b32cddf..ff8cdf1 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -86,8 +86,6 @@ static int connection_read_https_proxy_response(connection_t *conn);
- static void connection_send_socks5_connect(connection_t *conn);
- static const char *proxy_type_to_string(int proxy_type);
- static int get_proxy_type(void);
--static int get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port,
-- int *proxy_type, const connection_t *conn);
-
- /** The last addresses that our network interface seemed to have been
- * binding to. We use this as one way to detect when our IP changes.
-@@ -4773,35 +4771,6 @@ assert_connection_ok(connection_t *conn, time_t now)
- }
-
- /** Fills <b>addr</b> and <b>port</b> with the details of the global
-- * pluggable transport or bridge we are using.
-- * <b>conn</b> contains the connection we are using the PT/bridge for.
-- *
-- * Return 0 on success, -1 on failure.
-- */
--static int
--get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-- const connection_t *conn)
--{
-- const or_options_t *options = get_options();
--
-- if (options->ClientTransportPlugin || options->Bridges) {
-- const transport_t *transport = NULL;
-- int r;
-- r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-- if (r<0)
-- return -1;
-- if (transport) { /* transport found */
-- tor_addr_copy(addr, &transport->addr);
-- *port = transport->port;
-- *proxy_type = transport->socks_version;
-- return 0;
-- }
-- }
--
-- return -1;
--}
--
--/** Fills <b>addr</b> and <b>port</b> with the details of the global
- * proxy server we are using.
- * <b>conn</b> contains the connection we are using the proxy for.
- *
-@@ -4819,8 +4788,19 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
- * the config to have unused ClientTransportPlugin entries.
- */
- if (options->ClientTransportPlugin) {
-- if (get_bridge_pt_addrport(addr, port, proxy_type, conn) == 0)
-+ const transport_t *transport = NULL;
-+ int r;
-+ r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-+ if (r<0)
-+ return -1;
-+ if (transport) { /* transport found */
-+ tor_addr_copy(addr, &transport->addr);
-+ *port = transport->port;
-+ *proxy_type = transport->socks_version;
- return 0;
-+ }
-+
-+ /* Unused ClientTransportPlugin. */
- }
-
- if (options->HTTPSProxy) {
-@@ -4838,8 +4818,6 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
- *port = options->Socks5ProxyPort;
- *proxy_type = PROXY_SOCKS5;
- return 0;
-- } else if (options->Bridges) {
-- return get_bridge_pt_addrport(addr, port, proxy_type, conn);
- }
-
- tor_addr_make_unspec(addr);
---
-2.0.0.rc2
-
-
-From 68184b317d3f4dc14e758e451377e4e3996bd0ab Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 03:43:53 +0000
-Subject: [PATCH 4/5] Log the correct proxy type on failure.
-
-get_proxy_addrport fills in proxy_type with the correct value, so there
-is no point in logging something that's a "best guess" based off the
-config.
----
- src/or/connection.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/or/connection.c b/src/or/connection.c
-index ff8cdf1..5069ed6 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -4841,7 +4841,7 @@ log_failed_proxy_connection(connection_t *conn)
- log_warn(LD_NET,
- "The connection to the %s proxy server at %s just failed. "
- "Make sure that the proxy server is up and running.",
-- proxy_type_to_string(get_proxy_type()),
-+ proxy_type_to_string(proxy_type),
- fmt_addrport(&proxy_addr, proxy_port));
- }
-
---
-2.0.0.rc2
-
-
-From 34200a44fbbd3f158ea17043c2bcd21d0e382b89 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 18:58:53 +0000
-Subject: [PATCH 5/5] Improve the log message when a transport doesn't support
- proxies.
-
-Per feedback, explicltly note that the transport will be killed when it
-does not acknowledge the configured outgoing proxy.
----
- src/or/transports.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/or/transports.c b/src/or/transports.c
-index b810315..eee159d 100644
---- a/src/or/transports.c
-+++ b/src/or/transports.c
-@@ -805,7 +805,8 @@ handle_finished_proxy(managed_proxy_t *mp)
- case PT_PROTO_CONFIGURED: /* if configured correctly: */
- if (mp->proxy_uri && !mp->proxy_supported) {
- log_warn(LD_CONFIG, "Managed proxy '%s' did not configure the "
-- "specified outgoing proxy.", mp->argv[0]);
-+ "specified outgoing proxy and will be terminated.",
-+ mp->argv[0]);
- managed_proxy_destroy(mp, 1); /* annihilate it. */
- break;
- }
---
-2.0.0.rc2
-
diff --git a/gitian/patches/bug8405.patch b/gitian/patches/bug8405.patch
deleted file mode 100644
index 3c40632..0000000
--- a/gitian/patches/bug8405.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From a298c77f7eba232154ff08ca1119b05ccd9eee9e Mon Sep 17 00:00:00 2001
-From: Arthur Edelstein <arthuredelstein at gmail.com>
-Date: Tue, 15 Jul 2014 21:27:59 -0700
-Subject: [PATCH] Bug #8405: Report SOCKS username/password in CIRC status
- events
-
-Introduces two new circuit status name-value parameters: SOCKS_USERNAME
-and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
-are escaped.
-
-Example:
-
- 650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
----
- src/common/util.c | 14 ++++++++++++++
- src/common/util.h | 1 +
- src/or/control.c | 14 ++++++++++++++
- 3 files changed, 29 insertions(+)
-
-diff --git a/src/common/util.c b/src/common/util.c
-index 8589344..64cee56 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1222,6 +1222,20 @@ esc_for_log(const char *s)
- return result;
- }
-
-+/** Similar to esc_for_log. Allocate and return a new string representing
-+ * the first n characters in <b>chars</b>, surround by quotes and using
-+ * standard C escapes. If a NUL character is encountered in <b>chars</b>,
-+ * the resulting string will be terminated there.
-+ */
-+char *
-+esc_for_log_len(const char *chars, size_t n)
-+{
-+ char *string = tor_strndup(chars, n);
-+ char *string_escaped = esc_for_log(string);
-+ tor_free(string);
-+ return string_escaped;
-+}
-+
- /** Allocate and return a new string representing the contents of <b>s</b>,
- * surrounded by quotes and using standard C escapes.
- *
-diff --git a/src/common/util.h b/src/common/util.h
-index 97367a9..50c5a3d 100644
---- a/src/common/util.h
-+++ b/src/common/util.h
-@@ -229,6 +229,7 @@ int tor_mem_is_zero(const char *mem, size_t len);
- int tor_digest_is_zero(const char *digest);
- int tor_digest256_is_zero(const char *digest);
- char *esc_for_log(const char *string) ATTR_MALLOC;
-+char *esc_for_log_len(const char *chars, size_t n) ATTR_MALLOC;
- const char *escaped(const char *string);
-
- char *tor_escape_str_for_pt_args(const char *string,
-diff --git a/src/or/control.c b/src/or/control.c
-index 9285fc5..aa46df6 100644
---- a/src/or/control.c
-+++ b/src/or/control.c
-@@ -1862,6 +1862,20 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
- smartlist_add_asprintf(descparts, "TIME_CREATED=%s", tbuf);
- }
-
-+ // Show username and/or password if available.
-+ if (circ->socks_username_len > 0) {
-+ char* socks_username_escaped = esc_for_log_len(circ->socks_username,
-+ (size_t) circ->socks_username_len);
-+ smartlist_add_asprintf(descparts, "SOCKS_USERNAME=%s", socks_username_escaped);
-+ tor_free(socks_username_escaped);
-+ }
-+ if (circ->socks_password_len > 0) {
-+ char* socks_password_escaped = esc_for_log_len(circ->socks_password,
-+ (size_t) circ->socks_password_len);
-+ smartlist_add_asprintf(descparts, "SOCKS_PASSWORD=%s", socks_password_escaped);
-+ tor_free(socks_password_escaped);
-+ }
-+
- rv = smartlist_join_strings(descparts, " ", 0, NULL);
-
- SMARTLIST_FOREACH(descparts, char *, cp, tor_free(cp));
---
-1.8.3.4 (Apple Git-47)
-
More information about the tbb-commits
mailing list