-rw-r--r-- | changes/microdesc-double-free | 7
-rw-r--r-- | doc/tor.1.txt | 12
-rw-r--r-- | src/or/routerparse.c | 1
3 files changed, 15 insertions, 5 deletions
diff --git a/changes/microdesc-double-free b/changes/microdesc-double-free new file mode 100644 index 0000000000..932cc754ba --- /dev/null +++ b/changes/microdesc-double-free @@ -0,0 +1,7 @@ + o Security fixes: + - Don't double-free a parsable, but invalid, microdescriptor, even + if it is followed in the blob we're parsing by an unparsable + microdescriptor. Fixes an issue reported in a comment on bug 2954. + Bugfix on 0.2.2.6-alpha; fix by "cypherpunks". + + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index f24eaba7e0..8599fdc19b 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -529,7 +529,7 @@ The following options are useful only for clients (that is, if patterns of nodes to never use when picking an exit node---that is, a node that delivers traffic for you outside the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this - list too. See also the caveats on the "ExitNodes" option below + list too. See also the caveats on the "ExitNodes" option below. **ExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, country codes and address 
@@ -544,18 +544,20 @@ The following options are useful only for clients (that is, if Note also that not every circuit is used to deliver traffic outside of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, - those used for self-tests, and so on) that end at a non-exit node. To + those used for relay reachability self-tests, and so on) that end + at a non-exit node. To keep a node from being used entirely, see ExcludeNodes and StrictNodes. + + The ExcludeNodes option overrides this option: any node listed in both ExitNodes and ExcludeNodes is treated as excluded. + + - The .exit address notation, if enabled, overrides this option. + The .exit address notation, if enabled via AllowDotExit, overrides + this option. **EntryNodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, and country codes of nodes to use for the first hop in your normal circuits. - This includes all + Normal circuits include all circuits except for direct connections to directory servers. The Bridge option overrides this option; if you have configured bridges and UseBridges is 1, the Bridges are used as your entry nodes. + @@ -570,7 +572,7 @@ The following options are useful only for clients (that is, if still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is *necessary* to - perform self-tests, connect to + perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0) diff --git a/src/or/routerparse.c b/src/or/routerparse.c index e44fd8c989..80214b3cfb 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c 
@@ -4357,6 +4357,7 @@ microdescs_parse_from_string(const char *s, const char *eos, md = NULL; next: microdesc_free(md); + md = NULL; memarea_clear(area); smartlist_clear(tokens); |
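Review bot: The doc/tor.1.txt hunks (wording changes under ExitNodes, EntryNodes and StrictNodes) are unrelated to the double-free fix in src/or/routerparse.c and are not mentioned in changes/microdesc-double-free. Carrying them in the same change makes the one-line security fix harder to audit and to backport on its own; consider splitting the man page edits into a separate commit.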
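Review bot: In microdescs_parse_from_string(), the added `md = NULL;` after `microdesc_free(md);` at the `next:` label carries no comment, and because the line just above the label already sets `md = NULL`, a later reader could take the new assignment for a redundant one and remove it. A short comment stating that md must not stay dangling, since a later jump to `next:` before md is reassigned would free the same pointer again, would protect the fix. The patch also adds no regression test; a unit test that feeds a parsable but invalid microdescriptor followed by an unparsable one, the case described in the changes file, would cover this path.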