summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/microdesc-double-free7
-rw-r--r--doc/tor.1.txt12
-rw-r--r--src/or/routerparse.c1
3 files changed, 15 insertions, 5 deletions
diff --git a/changes/microdesc-double-free b/changes/microdesc-double-free
new file mode 100644
index 0000000000..932cc754ba
--- /dev/null
+++ b/changes/microdesc-double-free
@@ -0,0 +1,7 @@
+ o Security fixes:
+ - Don't double-free a parsable, but invalid, microdescriptor, even
+ if it is followed in the blob we're parsing by an unparsable
+ microdescriptor. Fixes an issue reported in a comment on bug 2954.
+ Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
+
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index f24eaba7e0..8599fdc19b 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -529,7 +529,7 @@ The following options are useful only for clients (that is, if
patterns of nodes to never use when picking an exit node---that is, a
node that delivers traffic for you outside the Tor network. Note that any
node listed in ExcludeNodes is automatically considered to be part of this
- list too. See also the caveats on the "ExitNodes" option below
+ list too. See also the caveats on the "ExitNodes" option below.
**ExitNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes and address
@@ -544,18 +544,20 @@ The following options are useful only for clients (that is, if
Note also that not every circuit is used to deliver traffic outside of
the Tor network. It is normal to see non-exit circuits (such as those
used to connect to hidden services, those that do directory fetches,
- those used for self-tests, and so on) that end at a non-exit node. To
+ those used for relay reachability self-tests, and so on) that end
+ at a non-exit node. To
keep a node from being used entirely, see ExcludeNodes and StrictNodes. +
+
The ExcludeNodes option overrides this option: any node listed in both
ExitNodes and ExcludeNodes is treated as excluded. +
+
- The .exit address notation, if enabled, overrides this option.
+ The .exit address notation, if enabled via AllowDotExit, overrides
+ this option.
**EntryNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, and country codes of nodes
to use for the first hop in your normal circuits.
- This includes all
+ Normal circuits include all
circuits except for direct connections to directory servers. The Bridge
option overrides this option; if you have configured bridges and
UseBridges is 1, the Bridges are used as your entry nodes. +
@@ -570,7 +572,7 @@ The following options are useful only for clients (that is, if
still try to avoid nodes in the ExcludeNodes list, but it will err on the
side of avoiding unexpected errors. Specifically, StrictNodes 0 tells
Tor that it is okay to use an excluded node when it is *necessary* to
- perform self-tests, connect to
+ perform relay reachability self-tests, connect to
a hidden service, provide a hidden service to a client, fulfill a .exit
request, upload directory information, or download directory information.
(Default: 0)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index e44fd8c989..80214b3cfb 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4357,6 +4357,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
md = NULL;
next:
microdesc_free(md);
+ md = NULL;
memarea_clear(area);
smartlist_clear(tokens);