Merge commit 'tor-0.2.1.16-rc' into debian-merge

* commit 'tor-0.2.1.16-rc': (31 commits)
  Bump version to 0.2.1.16-rc
  prepare changelog for 0.2.1.16-rc
  Better fix for 997.
  Revert "Backport fix for bug 997."
  tor-resolve: Don't automatically refuse .onion addresses.
  Backport fix for bug 997.
  Revise earlier check for correct IPv4 addr length to check for ==4.
  Check answer_len in the remap_addr case of process_relay_cell_not_open.
  update requirements to openssl 0.9.7
  Missing changelog entry about geoip
  Move and fix a changelog entry.  Noticed by optimist.
  Avoid a memory corruption problem related to "private" in DirPolicy.
  Update the rest of the geoip file.
  Update the geoip file
  Fix gprof bottlenecks on exit nodes found by Jacob.
  Do not report a node as a "chosen exit" when it is not in fact an exit.
  Make the second argument to routerset_contains_extendinfo const
  Don't attempt to log messages to a controller from a worker thread.
  Clean up a bit of C logic, and fix an erroneous warning.
  Consider *ListenAddress when warning about low ports and hibernation
  ...

.gitignore

@@ -2,6 +2,7 @@
 \#*\#
 .#*
 *~
+*.swp
 # C stuff
 *.o
 # Diff droppings

ChangeLog

@@ -1,3 +1,49 @@
+Changes in version 0.2.1.16-rc - 2009-06-20
+  o Security fixes:
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
+  o Major performance improvements (on 0.2.0.x):
+    - Disable and refactor some debugging checks that forced a linear scan
+      over the whole server-side DNS cache. These accounted for over 50%
+      of CPU time on a relatively busy exit node's gprof profile. Found
+      by Jacob.
+    - Disable some debugging checks that appeared in exit node profile
+      data.
+
+  o Minor features:
+    - Update to the "June 3 2009" ip-to-country file.
+    - Do not have tor-resolve automatically refuse all .onion addresses;
+      if AutomapHostsOnResolve is set in your torrc, this will work fine.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Log correct error messages for DNS-related network errors on
+      Windows.
+    - Fix a race condition that could cause crashes or memory corruption
+      when running as a server with a controller listening for log
+      messages.
+    - Avoid crashing when we have a policy specified in a DirPolicy or
+      SocksPolicy or ReachableAddresses option with ports set on it,
+      and we re-load the policy. May fix bug 996.
+    - Hidden service clients didn't use a cached service descriptor that
+      was older than 15 minutes, but wouldn't fetch a new one either,
+      because there was already one in the cache. Now, fetch a v2
+      descriptor unless the same descriptor was added to the cache within
+      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
+
+  o Minor bugfixes (on 0.2.1.x):
+    - Don't warn users about low port and hibernation mix when they
+      provide a *ListenAddress directive to fix that. Bugfix on
+      0.2.1.15-rc.
+    - When switching back and forth between bridge mode, do not start
+      gathering GeoIP data until two hours have passed.
+    - Do not complain that the user has requested an excluded node as
+      an exit when the node is not really an exit. This could happen
+      because the circuit was for testing, or an introduction point.
+      Fix for bug 984.
+
+
 Changes in version 0.2.1.15-rc - 2009-05-25
   o Major bugfixes (on 0.2.0.x):
     - Fix a timing-dependent, allocator-dependent, DNS-related crash bug

configure.in

@@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.1.15-rc)
+AM_INIT_AUTOMAKE(tor, 0.2.1.16-rc)
 AM_CONFIG_HEADER(orconfig.h)
 
 AC_CANONICAL_HOST

contrib/tor-mingw.nsi.in

@@ -9,7 +9,7 @@
 !include "FileFunc.nsh"
 !insertmacro GetParameters
   
-!define VERSION "0.2.1.15-rc"
+!define VERSION "0.2.1.16-rc"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"

doc/tor.1.in

@@ -244,7 +244,7 @@ fetching early. Normal users should leave it off.
 \fBFetchHidServDescriptors \fR\fB0\fR|\fB1\fR\fP
 If set to 0, Tor will never fetch any hidden service descriptors from
 the rendezvous directories. This option is only useful if you're using
-a Tor controller that handles hidserv fetches for you.
+a Tor controller that handles hidden service fetches for you.
 (Default: 1)
 .LP
 .TP
@@ -264,31 +264,31 @@ script to enumerate Tor nodes that exit to certain addresses.
 (Default: 0)
 .LP
 .TP
-\fBHttpProxy\fR \fIhost\fR[:\fIport\fR]\fP
+\fBHTTPProxy\fR \fIhost\fR[:\fIport\fR]\fP
 Tor will make all its directory requests through this host:port
 (or host:80 if port is not specified),
 rather than connecting directly to any directory servers.
 .LP
 .TP
-\fBHttpProxyAuthenticator\fR \fIusername:password\fP
-If defined, Tor will use this username:password for Basic Http proxy
+\fBHTTPProxyAuthenticator\fR \fIusername:password\fP
+If defined, Tor will use this username:password for Basic HTTP proxy
 authentication, as in RFC 2617. This is currently the only form of
-Http proxy authentication that Tor supports; feel free to submit a
+HTTP proxy authentication that Tor supports; feel free to submit a
 patch if you want it to support others.
 .LP
 .TP
-\fBHttpsProxy\fR \fIhost\fR[:\fIport\fR]\fP
+\fBHTTPSProxy\fR \fIhost\fR[:\fIport\fR]\fP
 Tor will make all its OR (SSL) connections through this host:port
 (or host:443 if port is not specified), via HTTP CONNECT rather than
 connecting directly to servers.  You may want to set \fBFascistFirewall\fR
-to restrict the set of ports you might try to connect to, if your Https
+to restrict the set of ports you might try to connect to, if your HTTPS
 proxy only allows connecting to certain ports.
 .LP
 .TP
-\fBHttpsProxyAuthenticator\fR \fIusername:password\fP
-If defined, Tor will use this username:password for Basic Https proxy
+\fBHTTPSProxyAuthenticator\fR \fIusername:password\fP
+If defined, Tor will use this username:password for Basic HTTPS proxy
 authentication, as in RFC 2617. This is currently the only form of
-Https proxy authentication that Tor supports; feel free to submit a
+HTTPS proxy authentication that Tor supports; feel free to submit a
 patch if you want it to support others.
 .LP
 .TP
@@ -500,7 +500,7 @@ firewall allows connections to everything inside net 99, rejects port
 Like \fBReachableAddresses\fP, a list of addresses and ports.  Tor will obey
 these restrictions when fetching directory information, using standard HTTP
 GET requests. If not set explicitly then the value of \fBReachableAddresses\fP
-is used.  If \fBHttpProxy\fR is set then these connections will go through that
+is used.  If \fBHTTPProxy\fR is set then these connections will go through that
 proxy.
 .LP
 .TP
@@ -508,11 +508,11 @@ proxy.
 Like \fBReachableAddresses\fP, a list of addresses and ports.  Tor will obey
 these restrictions when connecting to Onion Routers, using TLS/SSL.  If not set
 explicitly then the value of \fBReachableAddresses\fP is used. If
-\fBHttpsProxy\fR is set then these connections will go through that proxy.
+\fBHTTPSProxy\fR is set then these connections will go through that proxy.
 
 The separation between \fBReachableORAddresses\fP and
 \fBReachableDirAddresses\fP is only interesting when you are connecting through
-proxies (see \fBHttpProxy\fR and \fBHttpsProxy\fR).  Most proxies limit TLS
+proxies (see \fBHTTPProxy\fR and \fBHTTPSProxy\fR).  Most proxies limit TLS
 connections (which Tor uses to connect to Onion Routers) to port 443, and some
 limit HTTP GET requests (which Tor uses for fetching directory information) to
 port 80.
@@ -595,7 +595,7 @@ to hosts that match this value and attempt to
 reuse the same exit node for each. If the value is prepended with a '.', it is
 treated as matching an entire domain. If one of the values is just a '.', it
 means match everything. This option is useful if you frequently connect to
-sites that will expire all your authentication cookies (ie log you out) if
+sites that will expire all your authentication cookies (i.e. log you out) if
 your IP address changes. Note that this option does have the disadvantage of
 making it more clear that a given history is
 associated with a single user. However, most people who would wish to observe
@@ -784,7 +784,7 @@ The following options are useful only for servers (that is, if \fBORPort\fP is n
 .LP
 .TP
 \fBAddress \fR\fIaddress\fP
-The IP address or fqdn of this server (e.g. moria.mit.edu). You can
+The IP address or fully qualified domain name of this server (e.g. moria.mit.edu). You can
 leave this unset, and Tor will guess your IP address.
 .LP
 .TP
@@ -964,7 +964,7 @@ behalf of clients. (Defaults to use the system DNS configuration.)
 \fBServerDNSAllowBrokenConfig \fR\fB0\fR|\fB1\fR\fP
 If this option is false, Tor exits immediately if there are problems
 parsing the system DNS configuration or connecting to nameservers.
-Otherwise, Tor continues to periodically retry the system namesevers
+Otherwise, Tor continues to periodically retry the system nameservers
 until it eventually succeeds.
 (Defaults to "1".)
 .LP
@@ -1045,7 +1045,7 @@ admins at tor-ops@freehaven.net if you think you should be a directory.
 .LP
 .TP
 \fBDirPortFrontPage \fIFILENAME\fP
-When this option is set, it takes an html file and publishes it as "/" on
+When this option is set, it takes an HTML file and publishes it as "/" on
 the DirPort. Now relay operators can provide a disclaimer without needing
 to set up a separate webserver. There's a sample disclaimer in
 contrib/tor-exit-notice.html.
@@ -1201,14 +1201,14 @@ for publication by this authority.
 \fBAuthDirListBadDirs \fR\fB0\fR|\fB1\fR\fP
 Authoritative directories only.  If set to 1, this directory has
 some opinion about which nodes are unsuitable as directory caches.  (Do not
-set this to 1 unless you plan to list nonfunctioning directories as bad;
+set this to 1 unless you plan to list non-functioning directories as bad;
 otherwise, you are effectively voting in favor of every declared directory.)
 .LP
 .TP
 \fBAuthDirListBadExits \fR\fB0\fR|\fB1\fR\fP
 Authoritative directories only.  If set to 1, this directory has
 some opinion about which nodes are unsuitable as exit nodes.  (Do not
-set this to 1 unless you plan to list nonfunctioning exits as bad;
+set this to 1 unless you plan to list non-functioning exits as bad;
 otherwise, you are effectively voting in favor of every declared exit
 as an exit.)
 .LP
@@ -1217,7 +1217,7 @@ as an exit.)
 Authoritative directories only.  If set to 1, the directory server
 rejects all uploaded server descriptors that aren't explicitly listed
 in the fingerprints file. This acts as a "panic button" if we get
-Sybiled. (Default: 0)
+hit with a Sybil attack. (Default: 0)
 .LP
 .TP
 \fBAuthDirMaxServersPerAddr\fR \fINUM\fP

src/common/address.c

@@ -465,7 +465,7 @@ tor_addr_to_reverse_lookup_name(char *out, size_t outlen,
       *cp++ = "0123456789abcdef"[byte >> 4];
       *cp++ = '.';
     }
-    memcpy(cp, "ip6.arpa", 9); /* 8 characters plus nul */
+    memcpy(cp, "ip6.arpa", 9); /* 8 characters plus NUL */
     return 0;
   }
   return -1;
@@ -619,7 +619,7 @@ tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
   } else {
     if (mask) {
       log_warn(LD_GENERAL,
-               "Unexpected mask in addrss %s; rejecting", escaped(s));
+               "Unexpected mask in address %s; rejecting", escaped(s));
       goto err;
     }
   }
@@ -642,7 +642,7 @@ tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
   } else {
     if (port) {
       log_warn(LD_GENERAL,
-               "Unexpected ports in addrss %s; rejecting", escaped(s));
+               "Unexpected ports in address %s; rejecting", escaped(s));
       goto err;
     }
   }
@@ -654,9 +654,9 @@ tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
   return -1;
 }
 
-/** Determine whether an address is IPv4, either native or ipv4-mapped ipv6.
+/** Determine whether an address is IPv4, either native or IPv4-mapped IPv6.
  * Note that this is about representation only, as any decent stack will
- * reject ipv4-mapped addresses received on the wire (and won't use them
+ * reject IPv4-mapped addresses received on the wire (and won't use them
  * on the wire either).
  */
 int
@@ -766,11 +766,11 @@ tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
 
 /** Given two addresses <b>addr1</b> and <b>addr2</b>, return 0 if the two
  * addresses are equivalent under the mask mbits, less than 0 if addr1
- * preceeds addr2, and greater than 0 otherwise.
+ * precedes addr2, and greater than 0 otherwise.
  *
  * Different address families (IPv4 vs IPv6) are always considered unequal if
  * <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
- * cosidered equivalent to their IPv4 equivalents.
+ * considered equivalent to their IPv4 equivalents.
  */
 int
 tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
@@ -1021,7 +1021,7 @@ tor_addr_port_parse(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
 }
 
 /** Set *<b>addr</b> to the IP address (if any) of whatever interface
- * connects to the internet.  This address should only be used in checking
+ * connects to the Internet.  This address should only be used in checking
  * whether our address has changed.  Return 0 on success, -1 on failure.
  */
 int
@@ -1039,7 +1039,7 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
   /* Use the "discard" service port */
   ((struct sockaddr_in*)&target_addr)->sin_port = 9;
   /* Don't worry: no packets are sent. We just need to use a real address
-   * on the actual internet. */
+   * on the actual Internet. */
   if (family == AF_INET6) {
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)&target_addr;
     sock = tor_open_socket(PF_INET6,SOCK_DGRAM,IPPROTO_UDP);
@@ -1380,7 +1380,7 @@ tor_dup_ip(uint32_t addr)
 
 /**
  * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
- * interface connects to the internet.  This address should only be used in
+ * interface connects to the Internet.  This address should only be used in
  * checking whether our address has changed.  Return 0 on success, -1 on
  * failure.
  */

src/common/aes.c

@@ -27,9 +27,9 @@
  * via OpenSSL's EVP_EncryptUpdate function, or via the built-in AES
  * implementation below. */
 
-/** Defined iff we're using openssl's AES functions for AES. */
+/** Defined iff we're using OpenSSL's AES functions for AES. */
 #undef USE_OPENSSL_AES
-/** Defined iff we're using openssl's EVP code for AES. */
+/** Defined iff we're using OpenSSL's EVP code for AES. */
 #undef USE_OPENSSL_EVP
 /** Defined iff we're using Tor's internal AES implementation, defined
  * below. */
@@ -64,13 +64,13 @@
      !defined(USE_OPENSSL_EVP))
 
 /* OpenSSL 0.9.7 was the first to support AES.  It was slower than our
- *    builtin implementation.
+ *    built-in implementation.
  * OpenSSL 0.9.8 added assembly implementations for i386 and ia64.
  *    Either the i386 stuff isn't used for x86-64, or it isn't faster.
  * OpenSSL 0.9.9 (not yet out) has added assembly implementations for
  *    x86_64 (aka amd64), sparc9, and arm
  *
- * Note: the "f" at the end of openssl version numbers below means
+ * Note: the "f" at the end of OpenSSL version numbers below means
  * "release". */
 # if defined(CPU_IS_X86) || defined(CPU_IS_IA64)
 #  if OPENSSL_VERSION_NUMBER >= 0x0090800fL
@@ -84,7 +84,7 @@
 #  endif
 # endif
 
-/* Otherwise, use the builtin implementation below. */
+/* Otherwise, use the built-in implementation below. */
 # ifndef USE_OPENSSL_AES
 #  define USE_BUILTIN_AES
 # endif
@@ -380,7 +380,7 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
  *
  * @version 3.0 (December 2000)
  *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
+ * Optimized ANSI C code for the Rijndael cipher (now AES)
  *
  * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
  * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>

src/common/compat.c

@@ -403,7 +403,7 @@ const char TOR_TOLOWER_TABLE[256] = {
  * function is called on __FILE__ to fix a MSVC nit where __FILE__
  * contains the full path to the file.  This is bad, because it
  * confuses users to find the home directory of the person who
- * compiled the binary in their warrning messages.
+ * compiled the binary in their warning messages.
  */
 const char *
 tor_fix_source_file(const char *fname)
@@ -490,7 +490,7 @@ set_uint64(char *cp, uint64_t v)
 }
 
 /**
- * Rename the file <b>from</b> to the file <b>to</b>.  On unix, this is
+ * Rename the file <b>from</b> to the file <b>to</b>.  On Unix, this is
  * the same as rename(2).  On windows, this removes <b>to</b> first if
  * it already exists.
  * Returns 0 on success.  Returns -1 and sets errno on failure.
@@ -632,7 +632,7 @@ tor_lockfile_unlock(tor_lockfile_t *lockfile)
   tor_free(lockfile);
 }
 
-/* Some old versions of unix didn't define constants for these values,
+/* Some old versions of Unix didn't define constants for these values,
  * and instead expect you to say 0, 1, or 2. */
 #ifndef SEEK_CUR
 #define SEEK_CUR 1
@@ -1568,7 +1568,7 @@ get_uname(void)
   if (!uname_result_is_set) {
 #ifdef HAVE_UNAME
     if (uname(&u) != -1) {
-      /* (linux says 0 is success, solaris says 1 is success) */
+      /* (Linux says 0 is success, Solaris says 1 is success) */
       tor_snprintf(uname_result, sizeof(uname_result), "%s %s",
                u.sysname, u.machine);
     } else
@@ -1729,7 +1729,7 @@ tor_pthread_helper_fn(void *_data)
 #endif
 
 /** Minimalist interface to run a void function in the background.  On
- * unix calls fork, on win32 calls beginthread.  Returns -1 on failure.
+ * Unix calls fork, on win32 calls beginthread.  Returns -1 on failure.
  * func should not return, but rather should call spawn_exit.
  *
  * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
@@ -1803,7 +1803,7 @@ tor_gettimeofday(struct timeval *timeval)
 {
 #ifdef MS_WINDOWS
   /* Epoch bias copied from perl: number of units between windows epoch and
-   * unix epoch. */
+   * Unix epoch. */
 #define EPOCH_BIAS U64_LITERAL(116444736000000000)
 #define UNITS_PER_SEC U64_LITERAL(10000000)
 #define USEC_PER_SEC U64_LITERAL(1000000)
@@ -1936,7 +1936,7 @@ static pthread_mutexattr_t attr_reentrant;
 /** True iff we've called tor_threads_init() */
 static int threads_initialized = 0;
 /** Initialize <b>mutex</b> so it can be locked.  Every mutex must be set
- * up eith tor_mutex_init() or tor_mutex_new(); not both. */
+ * up with tor_mutex_init() or tor_mutex_new(); not both. */
 void
 tor_mutex_init(tor_mutex_t *mutex)
 {
@@ -2076,6 +2076,7 @@ tor_threads_init(void)
     pthread_mutexattr_init(&attr_reentrant);
     pthread_mutexattr_settype(&attr_reentrant, PTHREAD_MUTEX_RECURSIVE);
     threads_initialized = 1;
+    set_main_thread();
   }
 }
 #elif defined(USE_WIN32_THREADS)
@@ -2168,9 +2169,27 @@ tor_threads_init(void)
 #if 0
   cond_event_tls_index = TlsAlloc();
 #endif
+  set_main_thread();
 }
 #endif
 
+/** Identity of the "main" thread */
+static unsigned long main_thread_id = -1;
+
+/** Start considering the current thread to be the 'main thread'.  This has
+ * no effect on anything besides in_main_thread(). */
+void
+set_main_thread(void)
+{
+  main_thread_id = tor_get_thread_id();
+}
+/** Return true iff called from the main thread. */
+int
+in_main_thread(void)
+{
+  return main_thread_id == tor_get_thread_id();
+}
+
 /**
  * On Windows, WSAEWOULDBLOCK is not always correct: when you see it,
  * you need to ask the socket for its actual errno.  Also, you need to
@@ -2259,7 +2278,7 @@ struct { int code; const char *msg; } windows_socket_errors[] = {
    */
   { -1, NULL },
 };
-/** There does not seem to be a strerror equivalent for winsock errors.
+/** There does not seem to be a strerror equivalent for Winsock errors.
  * Naturally, we have to roll our own.
  */
 const char *
@@ -2301,7 +2320,7 @@ network_init(void)
 /** Return a newly allocated string describing the windows system error code
  * <b>err</b>.  Note that error codes are different from errno.  Error codes
  * come from GetLastError() when a winapi call fails.  errno is set only when
- * ansi functions fail.  Whee. */
+ * ANSI functions fail.  Whee. */
 char *
 format_win32_error(DWORD err)
 {

src/common/compat.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2003-2004, Roger Dingledinex
+/* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  * Copyright (c) 2007-2009, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
@@ -522,6 +522,9 @@ void tor_threads_init(void);
 #define tor_threads_init() STMT_NIL
 #endif
 
+void set_main_thread(void);
+int in_main_thread(void);
+
 #ifdef TOR_IS_MULTITHREADED
 #if 0
 typedef struct tor_cond_t tor_cond_t;

src/common/container.c

@@ -1227,7 +1227,7 @@ IMPLEMENT_ORDER_FUNC(find_nth_long, long)
 digestset_t *
 digestset_new(int max_elements)
 {
-  /* The probability of false positivies is about P=(1 - exp(-kn/m))^k, where k
+  /* The probability of false positives is about P=(1 - exp(-kn/m))^k, where k
    * is the number of hash functions per entry, m is the bits in the array,
    * and n is the number of elements inserted.  For us, k==4, n<=max_elements,
    * and m==n_bits= approximately max_elements*32.  This gives

src/common/container.h

@@ -11,7 +11,7 @@
 /** A resizeable list of pointers, with associated helpful functionality.
  *
  * The members of this struct are exposed only so that macros and inlines can
- * use them; all access to smartlist internals should go throuch the functions
+ * use them; all access to smartlist internals should go through the functions
  * and macros defined here.
  **/
 typedef struct smartlist_t {
@@ -229,7 +229,7 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join,
   STMT_END
 
 /* Helper: Given two lists of items, possibly of different types, such that
- * both lists are sorted on some common field (as determened by a comparison
+ * both lists are sorted on some common field (as determined by a comparison
  * expression <b>cmpexpr</b>), and such that one list (<b>sl1</b>) has no
  * duplicates on the common field, loop through the lists in lockstep, and
  * execute <b>unmatched_var2</b> on items in var2 that do not appear in

src/common/crypto.c

@@ -18,7 +18,7 @@
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 #include <wincrypt.h>
-/* Windows defines this; so does openssl 0.9.8h and later. We don't actually
+/* Windows defines this; so does OpenSSL 0.9.8h and later. We don't actually
  * use either definition. */
 #undef OCSP_RESPONSE
 #endif
@@ -56,7 +56,7 @@
 #include "compat.h"
 
 #if OPENSSL_VERSION_NUMBER < 0x00907000l
-#error "We require openssl >= 0.9.7"
+#error "We require OpenSSL >= 0.9.7"
 #endif
 
 #include <openssl/engine.h>
@@ -67,13 +67,13 @@
 #define PRIVATE_KEY_OK(k) ((k) && (k)->key && (k)->key->p)
 
 #ifdef TOR_IS_MULTITHREADED
-/** A number of prealloced mutexes for use by openssl. */
+/** A number of preallocated mutexes for use by OpenSSL. */
 static tor_mutex_t **_openssl_mutexes = NULL;
-/** How many mutexes have we allocated for use by openssl? */
+/** How many mutexes have we allocated for use by OpenSSL? */
 static int _n_openssl_mutexes = 0;
 #endif
 
-/** A public key, or a public/private keypair. */
+/** A public key, or a public/private key-pair. */
 struct crypto_pk_env_t
 {
   int refs; /* reference counting so we don't have to copy keys */
@@ -405,10 +405,10 @@ crypto_pk_generate_key(crypto_pk_env_t *env)
   if (env->key)
     RSA_free(env->key);
 #if OPENSSL_VERSION_NUMBER < 0x00908000l
-  /* In openssl 0.9.7, RSA_generate_key is all we have. */
+  /* In OpenSSL 0.9.7, RSA_generate_key is all we have. */
   env->key = RSA_generate_key(PK_BYTES*8,65537, NULL, NULL);
 #else
-  /* In openssl 0.9.8, RSA_generate_key is deprecated. */
+  /* In OpenSSL 0.9.8, RSA_generate_key is deprecated. */
   {
     BIGNUM *e = BN_new();
     RSA *r = NULL;
@@ -452,7 +452,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
   tor_assert(env);
   tor_assert(s);
 
-  /* Create a read-only memory BIO, backed by the nul-terminated string 's' */
+  /* Create a read-only memory BIO, backed by the NUL-terminated string 's' */
   b = BIO_new_mem_buf((char*)s, -1);
 
   if (env->key)
@@ -1054,7 +1054,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
   RSA *rsa;
   unsigned char *buf;
   /* This ifdef suppresses a type warning.  Take out the first case once
-   * everybody is using openssl 0.9.7 or later.
+   * everybody is using OpenSSL 0.9.7 or later.
    */
   const unsigned char *cp;
   cp = buf = tor_malloc(len);
@@ -1393,7 +1393,7 @@ crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
   tor_assert(digest);
   tor_assert(data);
   /* Using the SHA1_*() calls directly means we don't support doing
-   * sha1 in hardware. But so far the delay of getting the question
+   * SHA1 in hardware. But so far the delay of getting the question
    * to the hardware, and hearing the answer, is likely higher than
    * just doing it ourselves. Hashes are fast.
    */
@@ -1554,7 +1554,7 @@ crypto_dh_generate_public(crypto_dh_env_t *dh)
   if (tor_check_dh_key(dh->dh->pub_key)<0) {
     log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
              "the-universe chances really do happen.  Trying again.");
-    /* Free and clear the keys, so openssl will actually try again. */
+    /* Free and clear the keys, so OpenSSL will actually try again. */
     BN_free(dh->dh->pub_key);
     BN_free(dh->dh->priv_key);
     dh->dh->pub_key = dh->dh->priv_key = NULL;
@@ -1593,7 +1593,7 @@ crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, size_t pubkey_len)
   return 0;
 }
 
-/** Check for bad diffie-hellman public keys (g^x).  Return 0 if the key is
+/** Check for bad Diffie-Hellman public keys (g^x).  Return 0 if the key is
  * okay (in the subgroup [2,p-2]), or -1 if it's bad.
  * See http://www.cl.cam.ac.uk/ftp/users/rja14/psandqs.ps.gz for some tips.
  */
@@ -1742,11 +1742,11 @@ crypto_dh_free(crypto_dh_env_t *dh)
  * work for us too. */
 #define ADD_ENTROPY 32
 
-/* Use RAND_poll if openssl is 0.9.6 release or later.  (The "f" means
+/* Use RAND_poll if OpenSSL is 0.9.6 release or later.  (The "f" means
    "release".)  */
 #define HAVE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl)
 
-/* Versions of openssl prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
+/* Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
  * would allocate an fd_set on the stack, open a new file, and try to FD_SET
  * that fd without checking whether it fit in the fd_set.  Thus, if the
  * system has not just been started up, it is unsafe to call */
@@ -2281,7 +2281,7 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 }
 
 #ifdef TOR_IS_MULTITHREADED
-/** Helper: openssl uses this callback to manipulate mutexes. */
+/** Helper: OpenSSL uses this callback to manipulate mutexes. */
 static void
 _openssl_locking_cb(int mode, int n, const char *file, int line)
 {
@@ -2298,12 +2298,13 @@ _openssl_locking_cb(int mode, int n, const char *file, int line)
     tor_mutex_release(_openssl_mutexes[n]);
 }
 
-/** OpenSSL helper type: wraps a Tor mutex so that openssl can  */
+/** OpenSSL helper type: wraps a Tor mutex so that OpenSSL can use it
+ * as a lock. */
 struct CRYPTO_dynlock_value {
   tor_mutex_t *lock;
 };
 
-/** Openssl callback function to allocate a lock: see CRYPTO_set_dynlock_*
+/** OpenSSL callback function to allocate a lock: see CRYPTO_set_dynlock_*
  * documentation in OpenSSL's docs for more info. */
 static struct CRYPTO_dynlock_value *
 _openssl_dynlock_create_cb(const char *file, int line)
@@ -2316,7 +2317,7 @@ _openssl_dynlock_create_cb(const char *file, int line)
   return v;
 }
 
-/** Openssl callback function to acquire or release a lock: see
+/** OpenSSL callback function to acquire or release a lock: see
  * CRYPTO_set_dynlock_* documentation in OpenSSL's docs for more info. */
 static void
 _openssl_dynlock_lock_cb(int mode, struct CRYPTO_dynlock_value *v,
@@ -2330,7 +2331,7 @@ _openssl_dynlock_lock_cb(int mode, struct CRYPTO_dynlock_value *v,
     tor_mutex_release(v->lock);
 }
 
-/** Openssl callback function to free a lock: see CRYPTO_set_dynlock_*
+/** OpenSSL callback function to free a lock: see CRYPTO_set_dynlock_*
  * documentation in OpenSSL's docs for more info. */
 static void
 _openssl_dynlock_destroy_cb(struct CRYPTO_dynlock_value *v,

src/common/ht.h

@@ -426,7 +426,7 @@ ht_string_hash(const char *s)
 
 /*
  * Copyright 2005, Nick Mathewson.  Implementation logic is adapted from code
- * by Cristopher Clark, retrofit to allow drop-in memory management, and to
+ * by Christopher Clark, retrofit to allow drop-in memory management, and to
  * use the same interface as Niels Provos's HT_H.  I'm not sure whether this
  * is a derived work any more, but whether it is or not, the license below
  * applies.

src/common/log.h

@@ -53,7 +53,7 @@
 
 /** Catch-all for miscellaneous events and fatal errors. */
 #define LD_GENERAL  (1u<<0)
-/** The cryptography subsytem. */
+/** The cryptography subsystem. */
 #define LD_CRYPTO   (1u<<1)
 /** Networking. */
 #define LD_NET      (1u<<2)

src/common/mempool.c

@@ -54,7 +54,7 @@
  *   - One pointer overhead per allocated thing.  (The alternative is
  *     something like glib's use of an RB-tree to keep track of what
  *     chunk any given piece of memory is in.)
- *   - Only aligns allocated things to void* level: redefign ALIGNMENT_TYPE
+ *   - Only aligns allocated things to void* level: redefine ALIGNMENT_TYPE
  *     if you need doubles.
  *   - Could probably be optimized a bit; the representation contains
  *     a bit more info than it really needs to have.

src/common/torgzip.c

@@ -365,7 +365,7 @@ tor_zlib_new(int compress, compress_method_t method)
  return NULL;
 }
 
-/** Compress/decommpress some bytes using <b>state</b>.  Read up to
+/** Compress/decompress some bytes using <b>state</b>.  Read up to
  * *<b>in_len</b> bytes from *<b>in</b>, and write up to *<b>out_len</b> bytes
  * to *<b>out</b>, adjusting the values as we go.  If <b>finish</b> is true,
  * we've reached the end of the input.

src/common/tortls.c

@@ -26,7 +26,7 @@
 #include <openssl/opensslv.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x00907000l
-#error "We require openssl >= 0.9.7"
+#error "We require OpenSSL >= 0.9.7"
 #endif
 
 #define CRYPTO_PRIVATE /* to import prototypes from crypto.h */
@@ -70,7 +70,7 @@ struct tor_tls_t {
   tor_tls_context_t *context; /** A link to the context object for this tls. */
   SSL *ssl; /**< An OpenSSL SSL object. */
   int socket; /**< The underlying file descriptor for this TLS connection. */
-  char *address; /**< An address to log when describing this connectinon. */
+  char *address; /**< An address to log when describing this connection. */
   enum {
     TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
     TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE,
@@ -454,7 +454,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
 #define CIPHER(id, name) name ":"
 #define XCIPHER(id, name)
 /** List of ciphers that clients should advertise, omitting items that
- * our openssl doesn't know about. */
+ * our OpenSSL doesn't know about. */
 static const char CLIENT_CIPHER_LIST[] =
 #include "./ciphers.inc"
   ;
@@ -464,7 +464,7 @@ static const char CLIENT_CIPHER_LIST[] =
 /** Holds a cipher that we want to advertise, and its 2-byte ID. */
 typedef struct cipher_info_t { unsigned id; const char *name; } cipher_info_t;
 /** A list of all the ciphers that clients should advertise, including items
- * that openssl might not know about. */
+ * that OpenSSL might not know about. */
 static const cipher_info_t CLIENT_CIPHER_INFO_LIST[] = {
 #define CIPHER(id, name) { id, name },
 #define XCIPHER(id, name) { id, #name },
@@ -879,7 +879,7 @@ tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
 
 /** Set <b>cb</b> to be called with argument <b>arg</b> whenever <b>tls</b>
  * next gets a client-side renegotiate in the middle of a read.  Do not
- * invoke this function untile <em>after</em> initial handshaking is done!
+ * invoke this function until <em>after</em> initial handshaking is done!
  */
 void
 tor_tls_set_renegotiate_callback(tor_tls_t *tls,

src/common/util.c

@@ -1088,7 +1088,7 @@ format_rfc1123_time(char *buf, time_t t)
 /** Parse the the RFC1123 encoding of some time (in GMT) from <b>buf</b>,
  * and store the result in *<b>t</b>.
  *
- * Return 0 on succcess, -1 on failure.
+ * Return 0 on success, -1 on failure.
 */
 int
 parse_rfc1123_time(const char *buf, time_t *t)
@@ -1319,7 +1319,7 @@ format_time_interval(char *out, size_t out_len, long interval)
  * ===== */
 
 #ifndef TIME_IS_FAST
-/** Cached estimate of the currrent time.  Updated around once per second;
+/** Cached estimate of the current time.  Updated around once per second;
  * may be a few seconds off if we are really busy.  This is a hack to avoid
  * calling time(NULL) (which not everybody has optimized) on critical paths.
  */
@@ -1350,7 +1350,7 @@ update_approx_time(time_t now)
  * XXXX022 Use this consistently or rip most of it out.
  * ===== */
 
-/* In a perfect world, everybody would run ntp, and ntp would be perfect, so
+/* In a perfect world, everybody would run NTP, and NTP would be perfect, so
  * if we wanted to know "Is the current time before time X?" we could just say
  * "time(NULL) < X".
  *
@@ -2480,6 +2480,8 @@ start_daemon(void)
     if (fork() != 0) {
       exit(0);
     }
+    set_main_thread(); /* We are now the main thread. */
+
     return;
   }
 }

src/common/util.h

@@ -29,7 +29,7 @@
  */
 #ifdef NDEBUG
 /* Nobody should ever want to build with NDEBUG set.  99% of our asserts will
- * be outside the critical path anyway, so it's silly to disable bugchecking
+ * be outside the critical path anyway, so it's silly to disable bug-checking
  * throughout the entire program just because a few asserts are slowing you
  * down.  Profile, optimize the critical path, and keep debugging on.
  *

src/or/buffers.c

@@ -161,7 +161,7 @@ chunk_free(chunk_t *chunk)
 }
 
 /** Allocate a new chunk with a given allocation size, or get one from the
- * freelist.  Note that a chunk with allocation size A can actualy hold only
+ * freelist.  Note that a chunk with allocation size A can actually hold only
  * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
 static INLINE chunk_t *
 chunk_new_with_alloc_size(size_t alloc)
@@ -787,7 +787,7 @@ flush_chunk(int s, buf_t *buf, chunk_t *chunk, size_t sz,
  * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>.  (Tries to write
  * more if there is a forced pending write size.)  On success, deduct the
  * bytes written from *<b>buf_flushlen</b>.  Return the number of bytes
- * written on success, and a TOR_TLS error code on failue or blocking.
+ * written on success, and a TOR_TLS error code on failure or blocking.
  */
 static INLINE int
 flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
@@ -1108,7 +1108,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out)
 }
 
 /** Advance <b>pos</b> by a single character, if there are any more characters
- * in the buffer.  Returns 0 on sucess, -1 on failure. */
+ * in the buffer.  Returns 0 on success, -1 on failure. */
 static INLINE int
 buf_pos_inc(buf_pos_t *pos)
 {
@@ -1169,13 +1169,13 @@ buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
 }
 
 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
- * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
+ * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
  * If a) the headers include a Content-Length field and all bytes in
  * the body are present, or b) there's no Content-Length field and
  * all headers are present, then:
  *
- *  - strdup headers into <b>*headers_out</b>, and nul-terminate it.
- *  - memdup body into <b>*body_out</b>, and nul-terminate it.
+ *  - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
+ *  - memdup body into <b>*body_out</b>, and NUL-terminate it.
  *  - Then remove them from <b>buf</b>, and return 1.
  *
  *  - If headers or body is NULL, discard that part of the buf.
@@ -1259,14 +1259,14 @@ fetch_from_buf_http(buf_t *buf,
   if (headers_out) {
     *headers_out = tor_malloc(headerlen+1);
     fetch_from_buf(*headers_out, headerlen, buf);
-    (*headers_out)[headerlen] = 0; /* nul terminate it */
+    (*headers_out)[headerlen] = 0; /* NUL terminate it */
   }
   if (body_out) {
     tor_assert(body_used);
     *body_used = bodylen;
     *body_out = tor_malloc(bodylen+1);
     fetch_from_buf(*body_out, bodylen, buf);
-    (*body_out)[bodylen] = 0; /* nul terminate it */
+    (*body_out)[bodylen] = 0; /* NUL terminate it */
   }
   check();
   return 1;

src/or/circuitbuild.c

@@ -1436,17 +1436,67 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
 /** Log a warning if the user specified an exit for the circuit that
  * has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
 static void
-warn_if_router_excluded(const extend_info_t *exit)
+warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
 {
   or_options_t *options = get_options();
-  routerinfo_t *ri = router_get_by_digest(exit->identity_digest);
+  routerset_t *rs = options->ExcludeNodes;
+  const char *description;
+  int severity;
+  int domain = LD_CIRC;
 
-  if (!ri || !options->_ExcludeExitNodesUnion)
-    return;
+  switch (purpose)
+    {
+    default:
+    case CIRCUIT_PURPOSE_OR:
+    case CIRCUIT_PURPOSE_INTRO_POINT:
+    case CIRCUIT_PURPOSE_REND_POINT_WAITING:
+    case CIRCUIT_PURPOSE_REND_ESTABLISHED:
+      log_warn(LD_BUG, "Called on non-origin circuit (purpose %d)",
+               (int)purpose);
+      return;
+    case CIRCUIT_PURPOSE_C_GENERAL:
+      description = "Requested exit node";
+      rs = options->_ExcludeExitNodesUnion;
+      severity = LOG_WARN;
+      break;
+    case CIRCUIT_PURPOSE_C_INTRODUCING:
+    case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
+    case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
+      description = "Introduction point for hidden service";
+      severity = LOG_INFO;
+      break;
+    case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
+    case CIRCUIT_PURPOSE_C_REND_READY:
+    case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
+    case CIRCUIT_PURPOSE_C_REND_JOINED:
+      description = "Chosen rendezvous point";
+      severity = LOG_WARN;
+      domain = LD_BUG;
+      break;
+    case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
+      description = "Chosen introduction point";
+      severity = LOG_INFO;
+      break;
+    case CIRCUIT_PURPOSE_S_CONNECT_REND:
+    case CIRCUIT_PURPOSE_S_REND_JOINED:
+      description = "Client-selected rendezvous point";
+      severity = LOG_INFO;
+      break;
+    case CIRCUIT_PURPOSE_TESTING:
+      description = "Target for testing circuit";
+      severity = LOG_INFO;
+      break;
+    case CIRCUIT_PURPOSE_CONTROLLER:
+      rs = options->_ExcludeExitNodesUnion;
+      description = "Controller-selected circuit target";
+      severity = LOG_WARN;
+      break;
+    }
 
-  if (routerset_contains_router(options->_ExcludeExitNodesUnion, ri))
-    log_warn(LD_CIRC,"Requested exit node '%s' is in ExcludeNodes, "
-             "or ExcludeExitNodes, using anyway.",exit->nickname);
+  if (routerset_contains_extendinfo(rs, exit))
+    log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s.  Using anyway.",
+           description,exit->nickname,
+           rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
 
   return;
 }
@@ -1471,7 +1521,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
   }
 
   if (exit) { /* the circuit-builder pre-requested one */
-    warn_if_router_excluded(exit);
+    warn_if_last_router_excluded(circ->_base.purpose, exit);
     log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
     exit = extend_info_dup(exit);
   } else { /* we have to decide one */
@@ -1938,7 +1988,7 @@ entry_is_time_to_retry(entry_guard_t *e, time_t now)
  * right now. (Else return NULL.) In particular, it must be
  * - Listed as either up or never yet contacted;
  * - Present in the routerlist;
- * - Listed as 'stable' or 'fast' by the current dirserver concensus,
+ * - Listed as 'stable' or 'fast' by the current dirserver consensus,
  *   if demanded by <b>need_uptime</b> or <b>need_capacity</b>;
  *   (This check is currently redundant with the Guard flag, but in
  *   the future that might change. Best to leave it in for now.)
@@ -2025,7 +2075,7 @@ log_entry_guards(int severity)
 
 /** Called when one or more guards that we would previously have used for some
  * purpose are no longer in use because a higher-priority guard has become
- * useable again. */
+ * usable again. */
 static void
 control_event_guard_deferred(void)
 {

src/or/circuituse.c

@@ -298,13 +298,13 @@ circuit_expire_building(time_t now)
     if (victim->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
         victim->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) {
       if (!victim->timestamp_dirty)
-        log_fn(LOG_DEBUG,"Considering %sopen purp %d to %s (circid %d)."
+        log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d)."
                "(clean).",
                victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
                victim->purpose, victim->build_state->chosen_exit_name,
                victim->n_circ_id);
       else
-        log_fn(LOG_DEBUG,"Considering %sopen purp %d to %s (circid %d). "
+        log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d). "
                "%d secs since dirty.",
                victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
                victim->purpose, victim->build_state->chosen_exit_name,
@@ -512,7 +512,7 @@ circuit_predict_and_launch_new(void)
     flags |= CIRCLAUNCH_IS_INTERNAL;
     log_info(LD_CIRC,
              "Have %d clean circs (%d uptime-internal, %d internal), need"
-             " another hidserv circ.",
+             " another hidden service circ.",
              num, num_uptime_internal, num_internal);
     circuit_launch_by_router(CIRCUIT_PURPOSE_C_GENERAL, NULL, flags);
     return;
@@ -642,7 +642,8 @@ circuit_expire_old_circuits(time_t now)
     if (circ->timestamp_dirty &&
         circ->timestamp_dirty + get_options()->MaxCircuitDirtiness < now &&
         !TO_ORIGIN_CIRCUIT(circ)->p_streams /* nothing attached */ ) {
-      log_debug(LD_CIRC, "Closing n_circ_id %d (dirty %d secs ago, purp %d)",
+      log_debug(LD_CIRC, "Closing n_circ_id %d (dirty %d secs ago, "
+                "purpose %d)",
                 circ->n_circ_id, (int)(now - circ->timestamp_dirty),
                 circ->purpose);
       circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
@@ -1035,7 +1036,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
   if (!want_onehop && !router_have_minimum_dir_info()) {
     if (!connection_get_by_type(CONN_TYPE_DIR)) {
       int severity = LOG_NOTICE;
-      /* FFFF if this is a tunnelled directory fetch, don't yell
+      /* FFFF if this is a tunneled directory fetch, don't yell
        * as loudly. the user doesn't even know it's happening. */
       if (options->UseBridges && bridges_known_but_down()) {
         log_fn(severity, LD_APP|LD_DIR,
@@ -1108,7 +1109,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
       extend_info = rend_client_get_random_intro(conn->rend_data);
       if (!extend_info) {
         log_info(LD_REND,
-                 "No intro points for '%s': refetching service descriptor.",
+                 "No intro points for '%s': re-fetching service descriptor.",
                  safe_str(conn->rend_data->onion_address));
         /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
          * arrives first. Exception: When using client authorization, only
@@ -1451,7 +1452,7 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn)
                rendcirc->_base.n_circ_id, conn_age);
       /* Mark rendezvous circuits as 'newly dirty' every time you use
        * them, since the process of rebuilding a rendezvous circ is so
-       * expensive. There is a tradeoffs between linkability and
+       * expensive. There is a tradeoff between linkability and
        * feasibility, at this point.
        */
       rendcirc->_base.timestamp_dirty = time(NULL);

src/or/config.c

@@ -25,7 +25,7 @@ typedef enum config_type_t {
   CONFIG_TYPE_MEMUNIT,      /**< A number of bytes, with optional units*/
   CONFIG_TYPE_DOUBLE,       /**< A floating-point value */
   CONFIG_TYPE_BOOL,         /**< A boolean value, expressed as 0 or 1. */
-  CONFIG_TYPE_ISOTIME,      /**< An ISO-formated time relative to GMT. */
+  CONFIG_TYPE_ISOTIME,      /**< An ISO-formatted time relative to GMT. */
   CONFIG_TYPE_CSV,          /**< A list of strings, separated by commas and
                               * optional whitespace. */
   CONFIG_TYPE_LINELIST,     /**< Uninterpreted config lines */
@@ -449,7 +449,7 @@ static config_var_description_t options_description[] = {
     "host:port (or host:80 if port is not set)." },
   { "HTTPProxyAuthenticator", "A username:password pair to be used with "
     "HTTPProxy." },
-  { "HTTPSProxy", "Force Tor to make all TLS (SSL) connectinos through this "
+  { "HTTPSProxy", "Force Tor to make all TLS (SSL) connections through this "
     "host:port (or host:80 if port is not set)." },
   { "HTTPSProxyAuthenticator", "A username:password pair to be used with "
     "HTTPSProxy." },
@@ -693,6 +693,9 @@ static int or_state_validate(or_state_t *old_options, or_state_t *options,
 static int or_state_load(void);
 static int options_init_logs(or_options_t *options, int validate_only);
 
+static int is_listening_on_low_port(uint16_t port_option,
+                                    const config_line_t *listen_options);
+
 static uint64_t config_parse_memunit(const char *s, int *ok);
 static int config_parse_interval(const char *s, int *ok);
 static void init_libevent(void);
@@ -1285,7 +1288,7 @@ options_act(or_options_t *old_options)
     finish_daemon(options->DataDirectory);
   }
 
-  /* Write our pid to the pid file. If we do not have write permissions we
+  /* Write our PID to the PID file. If we do not have write permissions we
    * will log a warning */
   if (running_tor && options->PidFile)
     write_pidfile(options->PidFile);
@@ -1331,7 +1334,7 @@ options_act(or_options_t *old_options)
 
     if (! bool_eq(options->BridgeRelay, old_options->BridgeRelay)) {
       log_info(LD_GENERAL, "Bridge status changed.  Forgetting GeoIP stats.");
-      geoip_remove_old_clients(time(NULL)+3600);
+      geoip_remove_old_clients(time(NULL)+(2*60*60));
     }
 
     if (options_transition_affects_workers(old_options, options)) {
@@ -1407,7 +1410,7 @@ options_act(or_options_t *old_options)
     }
   }
 
-  /* Load the webpage we're going to serve everytime someone asks for '/' on
+  /* Load the webpage we're going to serve every time someone asks for '/' on
      our DirPort. */
   tor_free(global_dirfrontpagecontents);
   if (options->DirPortFrontPage) {
@@ -1440,7 +1443,7 @@ expand_abbrev(config_format_t *fmt, const char *option, int command_line,
   if (! fmt->abbrevs)
     return option;
   for (i=0; fmt->abbrevs[i].abbreviated; ++i) {
-    /* Abbreviations are casei. */
+    /* Abbreviations are case insensitive. */
     if (!strcasecmp(option,fmt->abbrevs[i].abbreviated) &&
         (command_line || !fmt->abbrevs[i].commandline_only)) {
       if (warn_obsolete && fmt->abbrevs[i].warn) {
@@ -1501,7 +1504,7 @@ config_get_commandlines(int argc, char **argv, config_line_t **result)
     (*new)->key = tor_strdup(expand_abbrev(&options_format, s, 1, 1));
     (*new)->value = tor_strdup(argv[i+1]);
     (*new)->next = NULL;
-    log(LOG_DEBUG, LD_CONFIG, "Commandline: parsed keyword '%s', value '%s'",
+    log(LOG_DEBUG, LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
         (*new)->key, (*new)->value);
 
     new = &((*new)->next);
@@ -1610,7 +1613,7 @@ config_find_option(config_format_t *fmt, const char *key)
   int i;
   size_t keylen = strlen(key);
   if (!keylen)
-    return NULL; /* if they say "--" on the commandline, it's not an option */
+    return NULL; /* if they say "--" on the command line, it's not an option */
   /* First, check for an exact (case-insensitive) match */
   for (i=0; fmt->vars[i].name; ++i) {
     if (!strcasecmp(key, fmt->vars[i].name)) {
@@ -1815,7 +1818,7 @@ config_assign_line(config_format_t *fmt, or_options_t *options,
     if (!clear_first) {
       if (var->type == CONFIG_TYPE_LINELIST ||
           var->type == CONFIG_TYPE_LINELIST_S) {
-        /* We got an empty linelist from the torrc or commandline.
+        /* We got an empty linelist from the torrc or command line.
            As a special case, call this an error. Warn and ignore. */
         log_warn(LD_CONFIG,
                  "Linelist option '%s' has no value. Skipping.", c->key);
@@ -1865,7 +1868,7 @@ option_get_canonical_name(const char *key)
   return var ? var->name : NULL;
 }
 
-/** Return a canonicalized list of the options assigned for key.
+/** Return a canonical list of the options assigned for key.
  */
 config_line_t *
 option_get_assignment(or_options_t *options, const char *key)
@@ -2617,6 +2620,35 @@ options_init(or_options_t *options)
   config_init(&options_format, options);
 }
 
+/* Check if the port number given in <b>port_option</b> in combination with
+ * the specified port in <b>listen_options</b> will result in Tor actually
+ * opening a low port (meaning a port lower than 1024). Return 1 if
+ * it is, or 0 if it isn't or the concept of a low port isn't applicable for
+ * the platform we're on. */
+static int
+is_listening_on_low_port(uint16_t port_option,
+                         const config_line_t *listen_options)
+{
+#ifdef MS_WINDOWS
+  return 0; /* No port is too low for windows. */
+#else
+  const config_line_t *l;
+  uint16_t p;
+  if (port_option == 0)
+    return 0; /* We're not listening */
+  if (listen_options == NULL)
+    return (port_option < 1024);
+
+  for (l = listen_options; l; l = l->next) {
+    parse_addr_port(LOG_WARN, l->value, NULL, NULL, &p);
+    if (p<1024) {
+      return 1;
+    }
+  }
+  return 0;
+#endif
+}
+
 /** Set all vars in the configuration object <b>options</b> to their default
  * values. */
 static void
@@ -3018,17 +3050,18 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("TransPort and TransListenAddress are disabled in this build.");
 #endif
 
-#ifndef MS_WINDOWS
-    if (options->AccountingMax &&
-        (options->DirPort < 1024 || options->ORPort < 1024))
-      log(LOG_WARN, LD_CONFIG,
+  if (options->AccountingMax &&
+      (is_listening_on_low_port(options->ORPort, options->ORListenAddress) ||
+       is_listening_on_low_port(options->DirPort, options->DirListenAddress)))
+  {
+    log(LOG_WARN, LD_CONFIG,
           "You have set AccountingMax to use hibernation. You have also "
           "chosen a low DirPort or OrPort. This combination can make Tor stop "
           "working when it tries to re-attach the port after a period of "
           "hibernation. Please choose a different port or turn off "
           "hibernation unless you know this combination will work on your "
           "platform.");
-#endif
+  }
 
   if (options->ExcludeExitNodes || options->ExcludeNodes) {
     options->_ExcludeExitNodesUnion = routerset_new();
@@ -3059,7 +3092,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
     if (!options->ContactInfo && !options->TestingTorNetwork)
       REJECT("Authoritative directory servers must set ContactInfo");
     if (options->V1AuthoritativeDir && !options->RecommendedVersions)
-      REJECT("V1 auth dir servers must set RecommendedVersions.");
+      REJECT("V1 authoritative dir servers must set RecommendedVersions.");
     if (!options->RecommendedClientVersions)
       options->RecommendedClientVersions =
         config_lines_dup(options->RecommendedVersions);
@@ -3069,7 +3102,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
     if (options->VersioningAuthoritativeDir &&
         (!options->RecommendedClientVersions ||
          !options->RecommendedServerVersions))
-      REJECT("Versioning auth dir servers must set Recommended*Versions.");
+      REJECT("Versioning authoritative dir servers must set "
+             "Recommended*Versions.");
     if (options->UseEntryGuards) {
       log_info(LD_CONFIG, "Authoritative directory servers can't set "
                "UseEntryGuards. Disabling.");
@@ -3675,7 +3709,7 @@ options_transition_allowed(or_options_t *old, or_options_t *new_val,
 }
 
 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
- * will require us to rotate the cpu and dns workers; else return 0. */
+ * will require us to rotate the CPU and DNS workers; else return 0. */
 static int
 options_transition_affects_workers(or_options_t *old_options,
                                    or_options_t *new_options)
@@ -3932,7 +3966,7 @@ options_init_from_torrc(int argc, char **argv)
   char *command_arg = NULL;
   char *errmsg=NULL;
 
-  if (argv) { /* first time we're called. save commandline args */
+  if (argv) { /* first time we're called. save command line args */
     backup_argv = argv;
     backup_argc = argc;
   } else { /* we're reloading. need to clean up old options first. */
@@ -4141,7 +4175,7 @@ get_torrc_fname(void)
     return get_default_conf_file();
 }
 
-/** Adjust the address map mased on the MapAddress elements in the
+/** Adjust the address map based on the MapAddress elements in the
  * configuration <b>options</b>
  */
 static void

src/or/connection.c

@@ -369,7 +369,7 @@ _connection_free(connection_t *conn)
     buf_free(conn->outbuf);
   } else {
     if (conn->socket_family == AF_UNIX) {
-      /* For now only control ports can be unix domain sockets
+      /* For now only control ports can be Unix domain sockets
        * and listeners at the same time */
       tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
 
@@ -474,7 +474,7 @@ connection_free(connection_t *conn)
 }
 
 /** Call _connection_free() on every connection in our array, and release all
- * storage helpd by connection.c. This is used by cpuworkers and dnsworkers
+ * storage held by connection.c. This is used by cpuworkers and dnsworkers
  * when they fork, so they don't keep resources held open (especially
  * sockets).
  *
@@ -747,7 +747,7 @@ connection_expire_held_open(void)
  * for the new structure.  If no port is provided in <b>listenaddress</b> then
  * <b>listenport</b> is used.
  *
- * If not NULL <b>readable_addrress</b> will contain a copy of the host part of
+ * If not NULL <b>readable_address</b> will contain a copy of the host part of
  * <b>listenaddress</b>.
  *
  * The listenaddr struct has to be freed by the caller.
@@ -784,14 +784,14 @@ create_inet_sockaddr(const char *listenaddress, uint16_t listenport,
 
 #ifdef HAVE_SYS_UN_H
 /** Create an AF_UNIX listenaddr struct.
- * <b>listenaddress</b> provides the path to the unix socket.
+ * <b>listenaddress</b> provides the path to the Unix socket.
  *
  * Eventually <b>listenaddress</b> will also optionally contain user, group,
  * and file permissions for the new socket.  But not yet. XXX
  * Also, since we do not create the socket here the information doesn't help
  * here.
  *
- * If not NULL <b>readable_addrress</b> will contain a copy of the path part of
+ * If not NULL <b>readable_address</b> will contain a copy of the path part of
  * <b>listenaddress</b>.
  *
  * The listenaddr struct has to be freed by the caller.
@@ -919,7 +919,7 @@ connection_create_listener(struct sockaddr *listensockaddr, socklen_t socklen,
   } else if (listensockaddr->sa_family == AF_UNIX) {
     start_reading = 1;
 
-    /* For now only control ports can be unix domain sockets
+    /* For now only control ports can be Unix domain sockets
      * and listeners at the same time */
     tor_assert(type == CONN_TYPE_CONTROL_LISTENER);
 
@@ -1151,7 +1151,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     newconn->address = tor_dup_addr(&addr);
 
   } else if (conn->socket_family == AF_UNIX) {
-    /* For now only control ports can be unix domain sockets
+    /* For now only control ports can be Unix domain sockets
      * and listeners at the same time */
     tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
 
@@ -1179,7 +1179,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
 }
 
 /** Initialize states for newly accepted connection <b>conn</b>.
- * If conn is an OR, start the tls handshake.
+ * If conn is an OR, start the TLS handshake.
  * If conn is a transparent AP, get its original destination
  * and place it in circuit_wait.
  */
@@ -1810,7 +1810,7 @@ connection_bucket_init(void)
   }
 }
 
-/** Refill a single <b>bucket</b> called <b>name</b> with bandwith rate
+/** Refill a single <b>bucket</b> called <b>name</b> with bandwidth rate
  * <b>rate</b> and bandwidth burst <b>burst</b>, assuming that
  * <b>seconds_elapsed</b> seconds have passed since the last call.
  **/

src/or/connection_edge.c

@@ -266,7 +266,7 @@ connection_edge_end(edge_connection_t *conn, uint8_t reason)
   return 0;
 }
 
-/** An error has just occured on an operation on an edge connection
+/** An error has just occurred on an operation on an edge connection
  * <b>conn</b>.  Extract the errno; convert it to an end reason, and send an
  * appropriate relay end cell to the other end of the connection's circuit.
  **/
@@ -509,10 +509,10 @@ connection_ap_attach_pending(void)
   });
 }
 
-/** Tell any AP streams that are waiting for a onehop tunnel to
+/** Tell any AP streams that are waiting for a one-hop tunnel to
  * <b>failed_digest</b> that they are going to fail. */
 /* XXX022 We should get rid of this function, and instead attach
- * onehop streams to circ->p_streams so they get marked in
+ * one-hop streams to circ->p_streams so they get marked in
  * circuit_mark_for_close like normal p_streams. */
 void
 connection_ap_fail_onehop(const char *failed_digest,
@@ -543,7 +543,7 @@ connection_ap_fail_onehop(const char *failed_digest,
           build_state->chosen_exit->port != edge_conn->socks_request->port)
         continue;
     }
-    log_info(LD_APP, "Closing onehop stream to '%s/%s' because the OR conn "
+    log_info(LD_APP, "Closing one-hop stream to '%s/%s' because the OR conn "
                      "just failed.", edge_conn->chosen_exit_name,
                      edge_conn->socks_request->address);
     connection_mark_unattached_ap(edge_conn, END_STREAM_REASON_TIMEOUT);
@@ -631,12 +631,12 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
  * - A MapAddress command from the controller [permanent]
  * - An AddressMap directive in the torrc [permanent]
  * - When a TrackHostExits torrc directive is triggered [temporary]
- * - When a dns resolve succeeds [temporary]
- * - When a dns resolve fails [temporary]
+ * - When a DNS resolve succeeds [temporary]
+ * - When a DNS resolve fails [temporary]
  *
  * When an addressmap request is made but one is already registered,
  * the new one is replaced only if the currently registered one has
- * no "new_address" (that is, it's in the process of dns resolve),
+ * no "new_address" (that is, it's in the process of DNS resolve),
  * or if the new one is permanent (expires==0 or 1).
  *
  * (We overload the 'expires' field, using "0" for mappings set via
@@ -955,7 +955,7 @@ client_dns_incr_failures(const char *address)
   return ent->num_resolve_failures;
 }
 
-/** If <b>address</b> is in the client dns addressmap, reset
+/** If <b>address</b> is in the client DNS addressmap, reset
  * the number of resolve failures we have on record for it.
  * This is used when we fail a stream because it won't resolve:
  * otherwise future attempts on that address will only try once.
@@ -1683,9 +1683,6 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
       if (conn->rend_data->auth_type == REND_NO_AUTH)
         rend_client_refetch_renddesc(conn->rend_data->onion_address);
     } else { /* r > 0 */
-/** How long after we receive a hidden service descriptor do we consider
- * it valid? */
-#define NUM_SECONDS_BEFORE_HS_REFETCH (60*15)
       if (now - entry->received < NUM_SECONDS_BEFORE_HS_REFETCH) {
         conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
         log_info(LD_REND, "Descriptor is here and fresh enough. Great.");
@@ -1696,7 +1693,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
         }
       } else {
         conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
-        log_info(LD_REND, "Stale descriptor %s. Refetching.",
+        log_info(LD_REND, "Stale descriptor %s. Re-fetching.",
                  safe_str(conn->rend_data->onion_address));
         /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
          * arrives first. Exception: When using client authorization, only
@@ -1717,7 +1714,7 @@ int
 get_pf_socket(void)
 {
   int pf;
-  /*  This should be opened before dropping privs. */
+  /*  This should be opened before dropping privileges. */
   if (pf_socket >= 0)
     return pf_socket;
 
@@ -2739,7 +2736,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
 
       connection_watch_events(conn, EV_WRITE | EV_READ);
       /* writable indicates finish;
-       * readable/error indicates broken link in windowsland. */
+       * readable/error indicates broken link in windows-land. */
       return;
     /* case 1: fall through */
   }
@@ -2925,14 +2922,14 @@ parse_extended_hostname(char *address)
     if (!s)
       return NORMAL_HOSTNAME; /* no dot, thus normal */
     if (!strcmp(s+1,"exit")) {
-      *s = 0; /* nul-terminate it */
+      *s = 0; /* NUL-terminate it */
       return EXIT_HOSTNAME; /* .exit */
     }
     if (strcmp(s+1,"onion"))
       return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */
 
     /* so it is .onion */
-    *s = 0; /* nul-terminate it */
+    *s = 0; /* NUL-terminate it */
     if (strlcpy(query, address, REND_SERVICE_ID_LEN_BASE32+1) >=
         REND_SERVICE_ID_LEN_BASE32+1)
       goto failed;

src/or/control.c

@@ -533,7 +533,7 @@ send_control_done(control_connection_t *conn)
  * If <b>which</b> & SHORT_NAMES, the event contains short-format names: send
  * it to controllers that haven't enabled the VERBOSE_NAMES feature.  If
  * <b>which</b> & LONG_NAMES, the event contains long-format names: send it
- * to contollers that <em>have</em> enabled VERBOSE_NAMES.
+ * to controllers that <em>have</em> enabled VERBOSE_NAMES.
  *
  * The EXTENDED_FORMAT and NONEXTENDED_FORMAT flags behave similarly with
  * respect to the EXTENDED_EVENTS feature. */
@@ -832,7 +832,7 @@ handle_control_getconf(control_connection_t *conn, uint32_t body_len,
   or_options_t *options = get_options();
   int i, len;
 
-  (void) body_len; /* body is nul-terminated; so we can ignore len. */
+  (void) body_len; /* body is NUL-terminated; so we can ignore len. */
   smartlist_split_string(questions, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH(questions, const char *, q,
@@ -1286,7 +1286,7 @@ handle_control_signal(control_connection_t *conn, uint32_t len,
 }
 
 /** Called when we get a MAPADDRESS command; try to bind all listed addresses,
- * and report success or failrue. */
+ * and report success or failure. */
 static int
 handle_control_mapaddress(control_connection_t *conn, uint32_t len,
                           const char *body)
@@ -1296,7 +1296,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
   smartlist_t *reply;
   char *r;
   size_t sz;
-  (void) len; /* body is nul-terminated, so it's safe to ignore the length. */
+  (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
 
   lines = smartlist_create();
   elts = smartlist_create();
@@ -2042,7 +2042,7 @@ handle_control_getinfo(control_connection_t *conn, uint32_t len,
   smartlist_t *unrecognized = smartlist_create();
   char *msg = NULL, *ans = NULL;
   int i;
-  (void) len; /* body is nul-terminated, so it's safe to ignore the length. */
+  (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
 
   smartlist_split_string(questions, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -2253,7 +2253,7 @@ handle_control_setcircuitpurpose(control_connection_t *conn,
   origin_circuit_t *circ = NULL;
   uint8_t new_purpose;
   smartlist_t *args;
-  (void) len; /* body is nul-terminated, so it's safe to ignore the length. */
+  (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
 
   args = getargs_helper("SETCIRCUITPURPOSE", conn, body, 2, -1);
   if (!args)
@@ -3367,6 +3367,11 @@ control_event_logmsg(int severity, uint32_t domain, const char *msg)
 {
   int event;
 
+  /* Don't even think of trying to add stuff to a buffer from a cpuworker
+   * thread. */
+  if (! in_main_thread())
+    return;
+
   if (disable_log_messages)
     return;
 
@@ -3593,7 +3598,7 @@ control_event_newconsensus(const networkstatus_t *consensus)
 }
 
 /** Called when a single local_routerstatus_t has changed: Sends an NS event
- * to any countroller that cares. */
+ * to any controller that cares. */
 int
 control_event_networkstatus_changed_single(routerstatus_t *rs)
 {

src/or/directory.c

@@ -2894,7 +2894,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
                                         "application/octet-stream",
                                         NULL, NULL, 0);
         note_request("/tor/rendezvous?/", desc_len);
-        /* need to send descp separately, because it may include nuls */
+        /* need to send descp separately, because it may include NULs */
         connection_write_to_buf(descp, desc_len, TO_CONN(conn));
         /* report successful fetch to statistic */
         if (options->HSAuthorityRecordStats) {

src/or/dirserv.c

@@ -2755,7 +2755,7 @@ dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
  * message.
  *
  * XXXX rename this function.  It's only called from the controller.
- * XXXX in fact, refactor this function, mergeing as much as possible.
+ * XXXX in fact, refactor this function, merging as much as possible.
  */
 int
 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
@@ -2972,7 +2972,7 @@ get_signed_descriptor_by_fp(const char *fp, int extrainfo,
   return NULL;
 }
 
-/** Return true iff we have any of the docments (extrainfo or routerdesc)
+/** Return true iff we have any of the documents (extrainfo or routerdesc)
  * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>.  Used to
  * decide whether to send a 404.  */
 int
@@ -3018,7 +3018,7 @@ dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
     routerinfo_t *me = router_get_my_routerinfo();
     result = (me?me->cache_info.signed_descriptor_len:2048) * n;
     if (compressed)
-      result /= 2; /* observed compressability is between 35 and 55%. */
+      result /= 2; /* observed compressibility is between 35 and 55%. */
   } else {
     result = 0;
     SMARTLIST_FOREACH(fps, const char *, digest, {

src/or/dirvote.c

@@ -341,7 +341,7 @@ _compare_vote_rs(const void **_a, const void **_b)
 /** Given a list of vote_routerstatus_t, all for the same router identity,
  * return whichever is most frequent, breaking ties in favor of more
  * recently published vote_routerstatus_t and in case of ties there,
- * in favour of smaller descriptor digest.
+ * in favor of smaller descriptor digest.
  */
 static vote_routerstatus_t *
 compute_routerstatus_consensus(smartlist_t *votes)
@@ -459,7 +459,7 @@ consensus_method_is_supported(int method)
 }
 
 /** Helper: given <b>lst</b>, a list of version strings such that every
- * version appears once for every versioning voter who recommends it, returna
+ * version appears once for every versioning voter who recommends it, return a
  * newly allocated string holding the resulting client-versions or
  * server-versions list. May change contents of <b>lst</b> */
 static char *
@@ -843,7 +843,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
         rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
         if (memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN))
           continue; /* doesn't include this router. */
-        /* At this point, we know that we're looking at a routersatus with
+        /* At this point, we know that we're looking at a routerstatus with
          * identity "lowest".
          */
         ++index[v_sl_idx];
@@ -955,7 +955,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
        * that descriptor.  If everybody plays nice all the voters who
        * listed that descriptor will have the same summary.  If not then
        * something is fishy and we'll use the most common one (breaking
-       * ties in favor of lexigraphically larger one (only because it
+       * ties in favor of lexicographically larger one (only because it
        * lets me reuse more existing code.
        *
        * The other case that can happen is that no authority that voted
@@ -996,8 +996,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
           char dd[HEX_DIGEST_LEN+1];
           base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
           base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
-          log_warn(LD_DIR, "The voters disgreed on the exit policy summary for"
-                   " router %s with descriptor %s.  This really shouldn't"
+          log_warn(LD_DIR, "The voters disagreed on the exit policy summary "
+                   " for router %s with descriptor %s.  This really shouldn't"
                    " have happened.", id, dd);
 
           smartlist_sort_strings(exitsummaries);
@@ -2101,7 +2101,7 @@ dirvote_add_signatures_to_pending_consensus(
   return r;
 }
 
-/** Helper: we just got the <b>deteached_signatures_body</b> sent to us as
+/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
  * signatures on the currently pending consensus.  Add them to the pending
  * consensus (if we have one); otherwise queue them until we have a
  * consensus.  Return negative on failure, nonnegative on success. */
@@ -2117,7 +2117,7 @@ dirvote_add_signatures(const char *detached_signatures_body,
                                      detached_signatures_body, msg);
   } else {
     log_notice(LD_DIR, "Got a signature from %s. "
-                       "Queueing it for the next consensus.", source);
+                       "Queuing it for the next consensus.", source);
     if (!pending_consensus_signature_list)
       pending_consensus_signature_list = smartlist_create();
     smartlist_add(pending_consensus_signature_list,

src/or/dns.c

@@ -736,15 +736,25 @@ void
 assert_connection_edge_not_dns_pending(edge_connection_t *conn)
 {
   pending_connection_t *pend;
-  cached_resolve_t **resolve;
+  cached_resolve_t search;
 
+#if 1
+  cached_resolve_t *resolve;
+  strlcpy(search.address, conn->_base.address, sizeof(search.address));
+  resolve = HT_FIND(cache_map, &cache_root, &search);
+  if (!resolve)
+    return;
+  for (pend = resolve->pending_connections; pend; pend = pend->next) {
+    tor_assert(pend->conn != conn);
+  }
+#else
+  cached_resolve_t **resolve;
   HT_FOREACH(resolve, cache_map, &cache_root) {
-    for (pend = (*resolve)->pending_connections;
-         pend;
-         pend = pend->next) {
+    for (pend = (*resolve)->pending_connections; pend; pend = pend->next) {
       tor_assert(pend->conn != conn);
     }
   }
+#endif
 }
 
 /** Log an error and abort if any connection waiting for a DNS resolve is
@@ -1109,7 +1119,7 @@ configure_nameservers(int force)
       socklen = tor_addr_to_sockaddr(&addr, 0,
                                      (struct sockaddr *)&ss, sizeof(ss));
       if (socklen < 0) {
-        log_warn(LD_BUG, "Couldn't convert outboung bind address to sockaddr."
+        log_warn(LD_BUG, "Couldn't convert outbound bind address to sockaddr."
                  " Ignoring.");
       } else {
         evdns_set_default_outgoing_bind_address((struct sockaddr *)&ss,
@@ -1553,7 +1563,7 @@ dns_launch_correctness_checks(void)
   }
 }
 
-/** Return true iff our DNS servers lie to us too much to be trustd. */
+/** Return true iff our DNS servers lie to us too much to be trusted. */
 int
 dns_seems_to_be_broken(void)
 {

src/or/eventdns.c

@@ -1299,7 +1299,7 @@ nameserver_read(struct nameserver *ns) {
 		if (r < 0) {
 			int err = last_error(ns->socket);
 			if (error_is_eagain(err)) return;
-			nameserver_failed(ns, strerror(err));
+			nameserver_failed(ns, tor_socket_strerror(err));
 			return;
 		}
 		/* XXX Match port too? */
@@ -1331,7 +1331,7 @@ server_port_read(struct evdns_server_port *s) {
 			int err = last_error(s->socket);
 			if (error_is_eagain(err)) return;
 			log(EVDNS_LOG_WARN, "Error %s (%d) while reading request.",
-				strerror(err), err);
+				tor_socket_strerror(err), err);
 			return;
 		}
 		request_parse(packet, r, s, (struct sockaddr*) &addr, addrlen);
@@ -1350,7 +1350,7 @@ server_port_flush(struct evdns_server_port *port)
 			int err = last_error(port->socket);
 			if (error_is_eagain(err))
 				return;
-			log(EVDNS_LOG_WARN, "Error %s (%d) while writing response to port; dropping", strerror(err), err);
+			log(EVDNS_LOG_WARN, "Error %s (%d) while writing response to port; dropping", tor_socket_strerror(err), err);
 		}
 		if (server_request_free(req)) {
 			/* we released the last reference to req->port. */
@@ -2063,7 +2063,7 @@ evdns_request_transmit_to(struct evdns_request *req, struct nameserver *server)
 	if (r < 0) {
 		int err = last_error(server->socket);
 		if (error_is_eagain(err)) return 1;
-		nameserver_failed(req->ns, strerror(err));
+		nameserver_failed(req->ns, tor_socket_strerror(err));
 		return 2;
 	} else if (r != (ssize_t)req->request_len) {
 		return 1;  /* short write */

src/or/geoip.c

@@ -308,6 +308,9 @@ geoip_note_client_seen(geoip_client_action_t action,
   if (action == GEOIP_CLIENT_CONNECT) {
     if (!(options->BridgeRelay && options->BridgeRecordUsageByCountry))
       return;
+    /* Did we recently switch from bridge to relay or back? */
+    if (client_history_starts > now)
+      return;
   } else {
 #ifndef ENABLE_GEOIP_STATS
     return;
@@ -386,7 +389,10 @@ _remove_old_client_helper(struct clientmap_entry_t *ent, void *_cutoff)
   }
 }
 
-/** Forget about all clients that haven't connected since <b>cutoff</b>. */
+/** Forget about all clients that haven't connected since <b>cutoff</b>.
+ * If <b>cutoff</b> is in the future, clients won't be added to the history
+ * until this time is reached. This is useful to prevent relays that switch
+ * to bridges from reporting unbelievable numbers of clients. */
 void
 geoip_remove_old_clients(time_t cutoff)
 {

src/or/hibernate.c

@@ -583,10 +583,10 @@ read_bandwidth_usage(void)
     return -1;
 
   /* Okay; it looks like the state file is more up-to-date than the
-   * bw_accounting file, or the bw_accounting file is nonexistant,
+   * bw_accounting file, or the bw_accounting file is nonexistent,
    * or the bw_accounting file is corrupt.
    */
-  log_info(LD_ACCT, "Reading bandwdith accounting data from state file");
+  log_info(LD_ACCT, "Reading bandwidth accounting data from state file");
   n_bytes_read_in_interval = state->AccountingBytesReadInInterval;
   n_bytes_written_in_interval = state->AccountingBytesWrittenInInterval;
   n_seconds_active_in_interval = state->AccountingSecondsActive;
@@ -651,7 +651,7 @@ hibernate_begin(hibernate_state_t new_state, time_t now)
 
   if (new_state == HIBERNATE_STATE_EXITING &&
       hibernate_state != HIBERNATE_STATE_LIVE) {
-    log_notice(LD_GENERAL,"Sigint received %s; exiting now.",
+    log_notice(LD_GENERAL,"SIGINT received %s; exiting now.",
                hibernate_state == HIBERNATE_STATE_EXITING ?
                "a second time" : "while hibernating");
     tor_cleanup();

src/or/main.c

@@ -451,7 +451,7 @@ conn_read_callback(int fd, short event, void *_conn)
 
   log_debug(LD_NET,"socket %d wants to read.",conn->s);
 
-  assert_connection_ok(conn, time(NULL));
+  /* assert_connection_ok(conn, time(NULL)); */
 
   if (connection_handle_read(conn) < 0) {
     if (!conn->marked_for_close) {
@@ -483,7 +483,7 @@ conn_write_callback(int fd, short events, void *_conn)
 
   LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "socket %d wants to write.",conn->s));
 
-  assert_connection_ok(conn, time(NULL));
+  /* assert_connection_ok(conn, time(NULL)); */
 
   if (connection_handle_write(conn, 0) < 0) {
     if (!conn->marked_for_close) {
@@ -529,7 +529,7 @@ conn_close_if_marked(int i)
     return 0; /* nothing to see here, move along */
   now = time(NULL);
   assert_connection_ok(conn, now);
-  assert_all_pending_dns_resolves_ok();
+  /* assert_all_pending_dns_resolves_ok(); */
 
   log_debug(LD_NET,"Cleaning up connection (fd %d).",conn->s);
   if ((conn->s >= 0 || conn->linked_conn) && connection_wants_to_flush(conn)) {
@@ -911,7 +911,7 @@ run_scheduled_events(time_t now)
     }
   }
 
-  /* 1e. Periodicaly, if we're a v3 authority, we check whether our cert is
+  /* 1e. Periodically, if we're a v3 authority, we check whether our cert is
    * close to expiring and warn the admin if it is. */
   if (time_to_check_v3_certificate < now) {
     v3_authority_check_key_expiry();
@@ -1135,7 +1135,7 @@ static void
 second_elapsed_callback(int fd, short event, void *args)
 {
   /* XXXX This could be sensibly refactored into multiple callbacks, and we
-   * could use libevent's timers for this rather than checking the current
+   * could use Libevent's timers for this rather than checking the current
    * time against a bunch of timeouts every second. */
   static struct timeval one_second;
   static time_t current_second = 0;
@@ -1472,7 +1472,7 @@ do_main_loop(void)
  *   1. We handle a different set of signals than those allowed in catch.
  *   2. Platforms without signal() are unlikely to define SIGfoo.
  *   3. The control spec is defined to use fixed numeric signal values
- *      which just happen to match the unix values.
+ *      which just happen to match the Unix values.
  */
 void
 control_signal_act(int the_signal)
@@ -1531,7 +1531,7 @@ signal_callback(int fd, short events, void *arg)
       break;
 #ifdef SIGPIPE
     case SIGPIPE:
-      log_debug(LD_GENERAL,"Caught sigpipe. Ignoring.");
+      log_debug(LD_GENERAL,"Caught SIGPIPE. Ignoring.");
       break;
 #endif
     case SIGUSR1:
@@ -1633,7 +1633,7 @@ dumpstats(int severity)
           tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len,
                                    &wbuf_cap, &wbuf_len);
           log(severity, LD_GENERAL,
-              "Conn %d: %d/%d bytes used on openssl read buffer; "
+              "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
               "%d/%d bytes used on write buffer.",
               i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
         }
@@ -1709,12 +1709,12 @@ exit_function(void)
 void
 handle_signals(int is_parent)
 {
-#ifndef MS_WINDOWS /* do signal stuff only on unix */
+#ifndef MS_WINDOWS /* do signal stuff only on Unix */
   int i;
   static int signals[] = {
     SIGINT,  /* do a controlled slow shutdown */
     SIGTERM, /* to terminate now */
-    SIGPIPE, /* otherwise sigpipe kills us */
+    SIGPIPE, /* otherwise SIGPIPE kills us */
     SIGUSR1, /* dump stats */
     SIGUSR2, /* go to loglevel debug */
     SIGHUP,  /* to reload config, retry conns, etc */
@@ -1894,7 +1894,7 @@ release_lockfile(void)
  *
  * Helps us find the real leaks with dmalloc and the like. Also valgrind
  * should then report 0 reachable in its leak report (in an ideal world --
- * in practice libevent, ssl, libc etc never quite free everything). */
+ * in practice libevent, SSL, libc etc never quite free everything). */
 void
 tor_free_all(int postfork)
 {

src/or/networkstatus.c

@@ -947,7 +947,7 @@ router_get_consensus_status_by_nickname(const char *nickname,
       });
     if (any_unwarned) {
       log_warn(LD_CONFIG,"There are multiple matches for the nickname \"%s\","
-               " but none is listed as named by the directory authorites. "
+               " but none is listed as named by the directory authorities. "
                "Choosing one arbitrarily.", nickname);
     }
   } else if (warn_if_unnamed && best && !best->name_lookup_warned) {

src/or/ntmain.c

@@ -299,7 +299,7 @@ nt_service_main(void)
       case CMD_LIST_FINGERPRINT:
       case CMD_HASH_PASSWORD:
       case CMD_VERIFY_CONFIG:
-        log_err(LD_CONFIG, "Unsupported command (--list-fingerint, "
+        log_err(LD_CONFIG, "Unsupported command (--list-fingerprint, "
                 "--hash-password, or --verify-config) in NT service.");
         break;
       case CMD_RUN_UNITTESTS:

src/or/onion.c

@@ -75,7 +75,7 @@ onion_pending_add(or_circuit_t *circ, char *onionskin)
     circ = ol_list->circ;
     onion_pending_remove(ol_list->circ);
     log_info(LD_CIRC,
-             "Circuit create request is too old; cancelling due to overload.");
+             "Circuit create request is too old; canceling due to overload.");
     circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
   }
   return 0;

src/or/or.h

@@ -136,7 +136,7 @@
 /** Maximum size, in bytes, for any directory object that we've downloaded. */
 #define MAX_DIR_DL_SIZE MAX_BUF_SIZE
 
-/** For http parsing: Maximum number of bytes we'll accept in the headers
+/** For HTTP parsing: Maximum number of bytes we'll accept in the headers
  * of an HTTP request or response. */
 #define MAX_HEADERS_SIZE 50000
 /** Maximum size, in bytes, for any directory object that we're accepting
@@ -263,7 +263,7 @@ typedef enum {
 #define _OR_CONN_STATE_MAX 8
 
 #define _EXIT_CONN_STATE_MIN 1
-/** State for an exit connection: waiting for response from dns farm. */
+/** State for an exit connection: waiting for response from DNS farm. */
 #define EXIT_CONN_STATE_RESOLVING 1
 /** State for an exit connection: waiting for connect() to finish. */
 #define EXIT_CONN_STATE_CONNECTING 2
@@ -636,6 +636,10 @@ typedef enum {
 /** Length of a binary-encoded rendezvous service ID. */
 #define REND_SERVICE_ID_LEN 10
 
+/** How long after we receive a hidden service descriptor do we consider
+ * it fresh? */
+#define NUM_SECONDS_BEFORE_HS_REFETCH (60*15)
+
 /** Time period for which a v2 descriptor will be valid. */
 #define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)
 
@@ -943,7 +947,7 @@ typedef struct connection_t {
                                  * could write? */
   time_t timestamp_created; /**< When was this connection_t created? */
 
-  /* XXXX_IP6 make this ipv6-capable */
+  /* XXXX_IP6 make this IPv6-capable */
   int socket_family; /**< Address family of this connection's socket.  Usually
                       * AF_INET, but it can also be AF_UNIX, or in the future
                       * AF_INET6 */
@@ -1093,7 +1097,7 @@ typedef struct edge_connection_t {
    * already retried several times. */
   uint8_t num_socks_retries;
 
-  /** True iff this connection is for a dns request only. */
+  /** True iff this connection is for a DNS request only. */
   unsigned int is_dns_request:1;
 
   /** True iff this stream must attach to a one-hop circuit (e.g. for
@@ -1146,7 +1150,7 @@ typedef struct dir_connection_t {
   /** If we're fetching descriptors, what router purpose shall we assign
    * to them? */
   uint8_t router_purpose;
-  /** List of fingerprints for networkstatuses or desriptors to be spooled. */
+  /** List of fingerprints for networkstatuses or descriptors to be spooled. */
   smartlist_t *fingerprint_stack;
   /** A cached_dir_t object that we're currently spooling out */
   struct cached_dir_t *cached_dir;
@@ -1253,9 +1257,9 @@ typedef struct addr_policy_t {
 /** A cached_dir_t represents a cacheable directory object, along with its
  * compressed form. */
 typedef struct cached_dir_t {
-  char *dir; /**< Contents of this object, nul-terminated. */
+  char *dir; /**< Contents of this object, NUL-terminated. */
   char *dir_z; /**< Compressed contents of this object. */
-  size_t dir_len; /**< Length of <b>dir</b> (not counting its nul). */
+  size_t dir_len; /**< Length of <b>dir</b> (not counting its NUL). */
   size_t dir_z_len; /**< Length of <b>dir_z</b>. */
   time_t published; /**< When was this object published. */
   int refcnt; /**< Reference count for this cached_dir_t. */
@@ -1312,7 +1316,7 @@ typedef struct signed_descriptor_t {
    * necessarily NUL-terminated.  If saved_location is SAVED_IN_CACHE, this
    * pointer is null. */
   char *signed_descriptor_body;
-  /** Length of the annotations preceeding the server descriptor. */
+  /** Length of the annotations preceding the server descriptor. */
   size_t annotations_len;
   /** Length of the server descriptor. */
   size_t signed_descriptor_len;
@@ -1619,7 +1623,7 @@ typedef enum {
  * status consensus. */
 typedef struct networkstatus_t {
   networkstatus_type_t type; /**< Vote, consensus, or opinion? */
-  time_t published; /**< Vote only: Tiem when vote was written. */
+  time_t published; /**< Vote only: Time when vote was written. */
   time_t valid_after; /**< Time after which this vote or consensus applies. */
   time_t fresh_until; /**< Time before which this is the most recent vote or
                        * consensus. */
@@ -1634,7 +1638,7 @@ typedef struct networkstatus_t {
   /** How long does this vote/consensus claim that authorities take to
    * distribute their votes to one another? */
   int vote_seconds;
-  /** How long does this vote/consensus claim that authorites take to
+  /** How long does this vote/consensus claim that authorities take to
    * distribute their consensus signatures to one another? */
   int dist_seconds;
 
@@ -1915,7 +1919,7 @@ typedef struct circuit_t {
   /** The circuit_id used in the next (forward) hop of this circuit. */
   circid_t n_circ_id;
 
-  /** The hop to which we want to extend this ciruit.  Should be NULL if
+  /** The hop to which we want to extend this circuit.  Should be NULL if
    * the circuit has attached to a connection. */
   extend_info_t *n_hop;
 
@@ -2180,7 +2184,7 @@ typedef struct {
   config_line_t *DirPolicy; /**< Lists of dir policy components */
   /** Addresses to bind for listening for SOCKS connections. */
   config_line_t *SocksListenAddress;
-  /** Addresses to bind for listening for transparent pf/nefilter
+  /** Addresses to bind for listening for transparent pf/netfilter
    * connections. */
   config_line_t *TransListenAddress;
   /** Addresses to bind for listening for transparent natd connections */
@@ -2459,7 +2463,7 @@ typedef struct {
   int ServerDNSAllowBrokenConfig;
 
   smartlist_t *ServerDNSTestAddresses; /**< A list of addresses that definitely
-                                        * should be resolveable. Used for
+                                        * should be resolvable. Used for
                                         * testing our DNS server. */
   int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
                                * same network zone in the same circuit. */
@@ -2566,7 +2570,7 @@ typedef struct {
 typedef struct {
   uint32_t _magic;
   /** The time at which we next plan to write the state to the disk.  Equal to
-   * TIME_MAX if there are no saveable changes, 0 if there are changes that
+   * TIME_MAX if there are no savable changes, 0 if there are changes that
    * should be saved right away. */
   time_t next_write;
 
@@ -2830,7 +2834,7 @@ void circuit_build_failed(origin_circuit_t *circ);
 #define CIRCLAUNCH_ONEHOP_TUNNEL  (1<<0)
 /** Flag to set when a circuit needs to be built of high-uptime nodes */
 #define CIRCLAUNCH_NEED_UPTIME    (1<<1)
-/** Flag to set when a circuit needs to be build of high-capcity nodes */
+/** Flag to set when a circuit needs to be built of high-capacity nodes */
 #define CIRCLAUNCH_NEED_CAPACITY  (1<<2)
 /** Flag to set when the last hop of a circuit doesn't need to be an
  * exit node. */
@@ -3829,7 +3833,7 @@ void clear_pending_onions(void);
 /********************************* policies.c ************************/
 
 /* (length of "accept 255.255.255.255/255.255.255.255:65535-65535\n" plus a
- * nul.)
+ * NUL.)
  */
 #define POLICY_BUF_LEN 52
 
@@ -4504,7 +4508,8 @@ int routerset_needs_geoip(const routerset_t *set);
 int routerset_contains_router(const routerset_t *set, routerinfo_t *ri);
 int routerset_contains_routerstatus(const routerset_t *set,
                                     routerstatus_t *rs);
-int routerset_contains_extendinfo(const routerset_t *set, extend_info_t *ei);
+int routerset_contains_extendinfo(const routerset_t *set,
+                                  const extend_info_t *ei);
 void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset,
                                int running_only);
 void routersets_get_disjunction(smartlist_t *target, const smartlist_t *source,

src/or/policies.c

@@ -40,7 +40,7 @@ typedef struct policy_summary_item_t {
     uint16_t prt_min; /**< Lowest port number to accept/reject. */
     uint16_t prt_max; /**< Highest port number to accept/reject. */
     uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
-                                this portrange. */
+                                this port range. */
     int accepted:1; /** Has this port already been accepted */
 } policy_summary_item_t;
 
@@ -411,6 +411,7 @@ load_policy_from_option(config_line_t *config, smartlist_t **policy,
         memcpy(&newp, n, sizeof(newp));
         newp.prt_min = 1;
         newp.prt_max = 65535;
+        newp.is_canonical = 0;
         c = addr_policy_get_canonical_entry(&newp);
         SMARTLIST_REPLACE_CURRENT(*policy, n, c);
         addr_policy_free(n);
@@ -795,7 +796,7 @@ exit_policy_remove_redundancies(smartlist_t *dest)
    * (accept/reject), A is a subset of B, and there is no other entry of
    * different type in between those two that intersects with A.
    *
-   * Anybody want to doublecheck the logic here? XXX
+   * Anybody want to double-check the logic here? XXX
    */
   for (i = 0; i < smartlist_len(dest)-1; ++i) {
     ap = smartlist_get(dest, i);
@@ -1136,8 +1137,8 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
 }
 
 /** Create a string representing a summary for an exit policy.
- * The summary will either be an "accept" plus a comma-seperated list of port
- * ranges or a "reject" plus portranges, depending on which is shorter.
+ * The summary will either be an "accept" plus a comma-separated list of port
+ * ranges or a "reject" plus port-ranges, depending on which is shorter.
  *
  * If no exits are allowed at all then NULL is returned, if no ports
  * are blocked instead of "reject " we return "accept 1-65535" (this

src/or/relay.c

@@ -7,7 +7,7 @@
 /**
  * \file relay.c
  * \brief Handle relay cell encryption/decryption, plus packaging and
- *    receiving from circuits, plus queueing on circuits.
+ *    receiving from circuits, plus queuing on circuits.
  **/
 
 #include "or.h"
@@ -783,7 +783,7 @@ connection_ap_process_end_not_open(
            "Edge got end (%s) before we're connected. Marking for close.",
        stream_end_reason_to_string(rh->length > 0 ? reason : -1));
   circuit_log_path(LOG_INFO,LD_APP,circ);
-  /* need to test because of detach_retriable*/
+  /* need to test because of detach_retriable */
   if (!conn->_base.marked_for_close)
     connection_mark_unattached_ap(conn, control_reason);
   return 0;
@@ -925,7 +925,7 @@ connection_edge_process_relay_cell_not_open(
                                   2+answer_len));
     else
       ttl = -1;
-    if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) {
+    if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
       uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+2));
       if (get_options()->ClientDNSRejectInternalAddresses &&
           is_internal_IP(addr, 0)) {
@@ -947,7 +947,7 @@ connection_edge_process_relay_cell_not_open(
                    cell->payload+RELAY_HEADER_SIZE+2, /*answer*/
                    ttl,
                    -1);
-    if (answer_type == RESOLVED_TYPE_IPV4) {
+    if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
       uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+2));
       remap_event_helper(conn, addr);
     }
@@ -1353,7 +1353,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn)
 
   while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
     log_debug(conn->cpath_layer?LD_APP:LD_EXIT,
-              "Outbuf %d, Queueing stream sendme.",
+              "Outbuf %d, Queuing stream sendme.",
               (int)conn->_base.outbuf_flushlen);
     conn->deliver_window += STREAMWINDOW_INCREMENT;
     if (connection_edge_send_command(conn, RELAY_COMMAND_SENDME,
@@ -1467,7 +1467,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
 //         layer_hint ? "defined" : "null");
   while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <
           CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
-    log_debug(LD_CIRC,"Queueing circuit sendme.");
+    log_debug(LD_CIRC,"Queuing circuit sendme.");
     if (layer_hint)
       layer_hint->deliver_window += CIRCWINDOW_INCREMENT;
     else

src/or/rendclient.c

@@ -80,8 +80,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
     goto err;
   }
 
-  /* first 20 bytes of payload are the hash of bob's pk */
-  if (entry->parsed->version == 0) { /* unversioned descriptor */
+  /* first 20 bytes of payload are the hash of Bob's pk */
+  if (entry->parsed->version == 0) { /* un-versioned descriptor */
     intro_key = entry->parsed->pk;
   } else { /* versioned descriptor */
     intro_key = NULL;
@@ -482,8 +482,9 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
 {
   char descriptor_id[DIGEST_LEN];
   int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
-  int i, tries_left;
+  int i, tries_left, r;
   rend_cache_entry_t *e = NULL;
+  time_t now = time(NULL);
   tor_assert(rend_query);
   /* Are we configured to fetch descriptors? */
   if (!get_options()->FetchHidServDescriptors) {
@@ -492,9 +493,11 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
     return;
   }
   /* Before fetching, check if we already have the descriptor here. */
-  if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0) {
+  r = rend_cache_lookup_entry(rend_query->onion_address, -1, &e);
+  if (r > 0 && now - e->received < NUM_SECONDS_BEFORE_HS_REFETCH) {
     log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
-                      "already have that descriptor here. Not fetching.");
+                      "already have a fresh copy of that descriptor here. "
+                      "Not fetching.");
     return;
   }
   log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",

src/or/rendservice.c

@@ -48,7 +48,7 @@ typedef struct rend_service_t {
                                * authorization is performed. */
   smartlist_t *clients; /**< List of rend_authorized_client_t's of
                          * clients that may access our service. Can be NULL
-                         * if no client authorization is peformed. */
+                         * if no client authorization is performed. */
   /* Other fields */
   crypto_pk_env_t *private_key; /**< Permanent hidden-service key. */
   char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without
@@ -66,7 +66,7 @@ typedef struct rend_service_t {
                          * up-to-date. */
   time_t next_upload_time; /**< Scheduled next hidden service descriptor
                             * upload time. */
-  /** Map from digests of diffie-hellman values INTRODUCE2 to time_t of when
+  /** Map from digests of Diffie-Hellman values INTRODUCE2 to time_t of when
    * they were received; used to prevent replays. */
   digestmap_t *accepted_intros;
   /** Time at which we last removed expired values from accepted_intros. */
@@ -1644,7 +1644,7 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
       if (!router_get_by_digest(hs_dir->identity_digest)) {
         log_info(LD_REND, "Not sending publish request for v2 descriptor to "
                           "hidden service directory '%s'; we don't have its "
-                          "router descriptor. Queueing for later upload.",
+                          "router descriptor. Queuing for later upload.",
                  hs_dir->nickname);
         failed_upload = -1;
         continue;

src/or/rephist.c

@@ -24,7 +24,7 @@ uint32_t rephist_total_num=0;
 /** If the total weighted run count of all runs for a router ever falls
  * below this amount, the router can be treated as having 0 MTBF. */
 #define STABILITY_EPSILON   0.0001
-/** Value by which to discount all old intervals for MTBF purposses.  This
+/** Value by which to discount all old intervals for MTBF purposes.  This
  * is compounded every STABILITY_INTERVAL. */
 #define STABILITY_ALPHA     0.95
 /** Interval at which to discount all old intervals for MTBF purposes. */
@@ -501,7 +501,7 @@ rep_hist_get_weighted_fractional_uptime(const char *id, time_t when)
 /** Return a number representing how long we've known about the router whose
  * digest is <b>id</b>. Return 0 if the router is unknown.
  *
- * Be careful: this measure incresases monotonically as we know the router for
+ * Be careful: this measure increases monotonically as we know the router for
  * longer and longer, but it doesn't increase linearly.
  */
 long

src/or/router.c

@@ -28,7 +28,7 @@ static tor_mutex_t *key_lock=NULL;
 static time_t onionkey_set_at=0; /**< When was onionkey last changed? */
 /** Current private onionskin decryption key: used to decode CREATE cells. */
 static crypto_pk_env_t *onionkey=NULL;
-/** Previous private onionskin decription key: used to decode CREATE cells
+/** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
 static crypto_pk_env_t *lastonionkey=NULL;
 /** Private "identity key": used to sign directory info and TLS
@@ -293,7 +293,7 @@ init_key_from_file(const char *fname, int generate, int severity)
  * directory authority, and make sure they match.  If <b>legacy</b>, load a
  * legacy key/cert set for emergency key migration; otherwise load the regular
  * key/cert set.  On success, store them into *<b>key_out</b> and
- * *<b>cert_out</b> respectively, and return 0.  On failrue, return -1. */
+ * *<b>cert_out</b> respectively, and return 0.  On failure, return -1. */
 static int
 load_authority_keyset(int legacy, crypto_pk_env_t **key_out,
                       authority_cert_t **cert_out)

src/or/routerlist.c

@@ -911,10 +911,10 @@ router_pick_directory_server(authority_type_t type, int flags)
   return choice;
 }
 
-/** Try to determine which fraction of v2 and v3 directory requsts aimed at
+/** Try to determine which fraction of v2 and v3 directory requests aimed at
  * caches will be sent to us. Set *<b>v2_share_out</b> and
  * *<b>v3_share_out</b> to the fractions of v2 and v3 protocol shares we
- * expect to see, respectively.  Return 0 on success, negative on failue. */
+ * expect to see, respectively.  Return 0 on success, negative on failure. */
 int
 router_get_my_share_of_directory_requests(double *v2_share_out,
                                           double *v3_share_out)
@@ -3270,7 +3270,7 @@ routerlist_remove_old_routers(void)
     if (caches && networkstatus_v2_list) {
       /* If we care about v2 statuses, we'll retain at most as many as are
          listed any of the v2 statues.  This will be at least the length of
-         the largest v2 networstatus, and in the worst case, this set will be
+         the largest v2 networkstatus, and in the worst case, this set will be
          equal to the sum of the lengths of all v2 consensuses.  Take the
          worst case.
       */
@@ -4616,7 +4616,7 @@ router_differences_are_cosmetic(routerinfo_t *r1, routerinfo_t *r2)
       (r2->bandwidthcapacity < r1->bandwidthcapacity/2))
     return 0;
 
-  /* Did the bandwithrate or bandwithburst change? */
+  /* Did the bandwidthrate or bandwidthburst change? */
   if ((r1->bandwidthrate != r2->bandwidthrate) ||
       (r1->bandwidthburst != r2->bandwidthburst))
     return 0;
@@ -4979,7 +4979,7 @@ routerset_refresh_countries(routerset_t *target)
  *
  * Three kinds of elements are allowed in routersets: nicknames, IP address
  * patterns, and fingerprints.  They may be surrounded by optional space, and
- * mst be separated by commas.
+ * must be separated by commas.
  */
 int
 routerset_parse(routerset_t *target, const char *s, const char *description)
@@ -5119,7 +5119,7 @@ routerset_contains(const routerset_t *set, const tor_addr_t *addr,
 
 /** Return true iff we can tell that <b>ei</b> is a member of <b>set</b>. */
 int
-routerset_contains_extendinfo(const routerset_t *set, extend_info_t *ei)
+routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
 {
   return routerset_contains(set,
                             &ei->addr,

src/or/routerparse.c

@@ -167,7 +167,7 @@ typedef struct token_rule_t {
   /** If true, we concatenate all arguments for this item into a single
    * string. */
   int concat_args;
-  /** Requirments on object syntax for this item. */
+  /** Requirements on object syntax for this item. */
   obj_syntax os;
   /** Lowest number of times this item may appear in a document. */
   int min_cnt;
@@ -217,7 +217,7 @@ typedef struct token_rule_t {
 /* Argument multiplicity: exactly <b>n</b> arguments. */
 #define EQ(n)       n,n,0
 
-/** List of tokens allowable in router derscriptors */
+/** List of tokens allowable in router descriptors */
 static token_rule_t routerdesc_token_table[] = {
   T0N("reject",              K_REJECT,              ARGS,    NO_OBJ ),
   T0N("accept",              K_ACCEPT,              ARGS,    NO_OBJ ),
@@ -601,7 +601,7 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
  * <b>versionlist</b> is newer than <b>myversion</b>.  Else, return
  * VS_NEW_IN_SERIES if there is at least one member of <b>versionlist</b> in
  * the same series (major.minor.micro) as <b>myversion</b>, but no such member
- * is newer than <b>myversion.</b>.  Else, return VS_NEW if every memeber of
+ * is newer than <b>myversion.</b>.  Else, return VS_NEW if every member of
  * <b>versionlist</b> is older than <b>myversion</b>.  Else, return
  * VS_UNRECOMMENDED.
  *
@@ -3166,7 +3166,7 @@ tokenize_string(memarea_t *area,
     }
     if ((flags & TS_NO_NEW_ANNOTATIONS)) {
       if (first_nonannotation != prev_len) {
-        log_warn(LD_DIR, "parse error: Unexpectd annotations.");
+        log_warn(LD_DIR, "parse error: Unexpected annotations.");
         return -1;
       }
     }
@@ -3453,7 +3453,7 @@ tor_version_same_series(tor_version_t *a, tor_version_t *b)
 }
 
 /** Helper: Given pointers to two strings describing tor versions, return -1
- * if _a precedes _b, 1 if _b preceeds _a, and 0 if they are equivalent.
+ * if _a precedes _b, 1 if _b precedes _a, and 0 if they are equivalent.
  * Used to sort a list of versions. */
 static int
 _compare_tor_version_str_ptr(const void **_a, const void **_b)

src/or/test.c

@@ -2492,7 +2492,7 @@ test_util_gzip(void)
   test_assert(buf3);
   test_streq(buf1,buf3);
 
-  /* Check whether we can uncompress concatenated, compresed strings. */
+  /* Check whether we can uncompress concatenated, compressed strings. */
   tor_free(buf3);
   buf2 = tor_realloc(buf2, len1*2);
   memcpy(buf2+len1, buf2, len1);
@@ -2514,7 +2514,7 @@ test_util_gzip(void)
   test_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
                                  ZLIB_METHOD));
   tor_assert(len1>16);
-  /* when we allow an uncomplete string, we should succeed.*/
+  /* when we allow an incomplete string, we should succeed.*/
   tor_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1-16,
                                   ZLIB_METHOD, 0, LOG_INFO));
   buf3[len2]='\0';
@@ -3004,7 +3004,7 @@ test_dir_format(void)
   test_assert(!crypto_pk_get_fingerprint(pk2, fingerprint, 1));
   strlcat(buf2, fingerprint, sizeof(buf2));
   strlcat(buf2, "\nuptime 0\n"
-  /* XXX the "0" above is hardcoded, but even if we made it reflect
+  /* XXX the "0" above is hard-coded, but even if we made it reflect
    * uptime, that still wouldn't make it right, because the two
    * descriptors might be made on different seconds... hm. */
          "bandwidth 1000 5000 10000\n"
@@ -4678,25 +4678,25 @@ test_geoip(void)
   get_options()->BridgeRecordUsageByCountry = 1;
   /* Put 9 observations in AB... */
   for (i=32; i < 40; ++i)
-    geoip_note_client_seen(GEOIP_CLIENT_CONNECT, i, now);
-  geoip_note_client_seen(GEOIP_CLIENT_CONNECT, 225, now);
+    geoip_note_client_seen(GEOIP_CLIENT_CONNECT, i, now-7200);
+  geoip_note_client_seen(GEOIP_CLIENT_CONNECT, 225, now-7200);
   /* and 3 observations in XY, several times. */
   for (j=0; j < 10; ++j)
     for (i=52; i < 55; ++i)
       geoip_note_client_seen(GEOIP_CLIENT_CONNECT, i, now-3600);
   /* and 17 observations in ZZ... */
   for (i=110; i < 127; ++i)
-    geoip_note_client_seen(GEOIP_CLIENT_CONNECT, i, now-7200);
+    geoip_note_client_seen(GEOIP_CLIENT_CONNECT, i, now);
   s = geoip_get_client_history(now+5*24*60*60, GEOIP_CLIENT_CONNECT);
   test_assert(s);
   test_streq("zz=24,ab=16,xy=8", s);
   tor_free(s);
 
-  /* Now clear out all the zz observations. */
+  /* Now clear out all the AB observations. */
   geoip_remove_old_clients(now-6000);
   s = geoip_get_client_history(now+5*24*60*60, GEOIP_CLIENT_CONNECT);
   test_assert(s);
-  test_streq("ab=16,xy=8", s);
+  test_streq("zz=24,xy=8", s);
 
  done:
   tor_free(s);

src/tools/tor-resolve.c

@@ -107,7 +107,8 @@ build_socks_resolve_request(char **out,
  * Return 0 on success, -1 on error.
  */
 static int
-parse_socks4a_resolve_response(const char *response, size_t len,
+parse_socks4a_resolve_response(const char *hostname,
+                               const char *response, size_t len,
                                uint32_t *addr_out)
 {
   uint8_t status;
@@ -129,6 +130,13 @@ parse_socks4a_resolve_response(const char *response, size_t len,
   }
   if (status != 90) {
     log_warn(LD_NET,"Got status response '%d': socks request failed.", status);
+    if (!strcasecmpend(hostname, ".onion")) {
+      log_warn(LD_NET,
+        "%s is a hidden service; those don't have IP addresses. "
+        "To connect to a hidden service, you need to send the hostname "
+        "to Tor; we suggest an application that uses SOCKS 4a.",hostname);
+      return -1;
+    }
     return -1;
   }
 
@@ -241,7 +249,8 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
       log_err(LD_NET, "Error reading SOCKS4 response.");
       return -1;
     }
-    if (parse_socks4a_resolve_response(reply_buf, RESPONSE_LEN_4,
+    if (parse_socks4a_resolve_response(hostname,
+                                       reply_buf, RESPONSE_LEN_4,
                                        result_addr)<0){
       return -1;
     }
@@ -260,6 +269,13 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
       log_warn(LD_NET,"Got SOCKS5 status response '%u': %s",
                (unsigned)reply_buf[1],
                socks5_reason_to_string(reply_buf[1]));
+      if (reply_buf[1] == 4 && !strcasecmpend(hostname, ".onion")) {
+        log_warn(LD_NET,
+            "%s is a hidden service; those don't have IP addresses. "
+            "To connect to a hidden service, you need to send the hostname "
+            "to Tor; we suggest an application that uses SOCKS 4a.",
+            hostname);
+      }
       return -1;
     }
     if (reply_buf[3] == 1) {
@@ -396,14 +412,6 @@ main(int argc, char **argv)
     usage();
   }
 
-  if (!strcasecmpend(arg[0], ".onion") && !force) {
-    fprintf(stderr,
-       "%s is a hidden service; those don't have IP addresses.\n\n"
-       "To connect to a hidden service, you need to send the hostname\n"
-       "to Tor; we suggest an application that uses SOCKS 4a.\n", arg[0]);
-    return 1;
-  }
-
   if (network_init()<0) {
     log_err(LD_BUG,"Error initializing network; exiting.");
     return 1;

src/win32/orconfig.h

@@ -226,6 +226,6 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.1.15-rc"
+#define VERSION "0.2.1.16-rc"
 
 

tor.spec.in

@@ -72,7 +72,7 @@
 %endif
 
 %if %{is_rfl}
-%define ostag redflag%(sed -e 's/^.*Desktop /redflag/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redflag-release)
+%define ostag %(sed -e 's/^.*Desktop /redflag/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redflag-release)
 %endif
 
 # Using the build date ensures that every build really does get
@@ -119,11 +119,11 @@ Vendor: The Tor Project (https://torproject.org)
 Packager: Andrew Lewman <andrew@torproject.org>
 
 %if %{is_suse}
-Requires: openssl >= 0.9.6
-BuildRequires: openssl-devel >= 0.9.6, rpm >= 4.0, zlib-devel
+Requires: openssl >= 0.9.7
+BuildRequires: openssl-devel >= 0.9.7, rpm >= 4.0, zlib-devel
 %else 
-Requires: openssl >= 0.9.6, libevent >= 1.1
-BuildRequires: openssl-devel >= 0.9.6, libevent-devel >= 1.1
+Requires: openssl >= 0.9.7
+BuildRequires: openssl-devel >= 0.9.7
 %endif
 %if %{is_fc}
 BuildRequires: rpm-build >= 4.0