| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-07-07 | Update geoip and geoip6 to the July 4 2017 database. | Karsten Loesing | |
| 2017-07-05 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-07-05 | Merge branch 'bug22789_024' into maint-0.2.4 | Nick Mathewson | |
| 2017-07-03 | Fix assertion failure related to openbsd strtol(). | Nick Mathewson | |
| Fixes bug 22789; bugfix on 0.2.3.8-alpha. | |||
| 2017-06-27 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'bug22737_024' into maint-0.2.4 | Nick Mathewson | |
| 2017-06-27 | Fix an errant memset() into the middle of a struct in cell_pack(). | Nick Mathewson | |
| This mistake causes two possible bugs. I believe they are both harmless IRL. BUG 1: memory stomping When we call the memset, we are overwriting two 0 bytes past the end of packed_cell_t.body. But I think that's harmless in practice, because the definition of packed_cell_t is: // ... typedef struct packed_cell_t { TOR_SIMPLEQ_ENTRY(packed_cell_t) next; char body[CELL_MAX_NETWORK_SIZE]; uint32_t inserted_time; } packed_cell_t; So we will overwrite either two bytes of inserted_time, or two bytes of padding, depending on how the platform handles alignment. If we're overwriting padding, that's safe. If we are overwriting the inserted_time field, that's also safe: In every case where we call cell_pack() from connection_or.c, we ignore the inserted_time field. When we call cell_pack() from relay.c, we don't set or use inserted_time until right after we have called cell_pack(). SO I believe we're safe in that case too. BUG 2: memory exposure The original reason for this memset was to avoid the possibility of accidentally leaking uninitialized ram to the network. Now remember, if wide_circ_ids is false on a connection, we shouldn't actually be sending more than 512 bytes of packed_cell_t.body, so these two bytes can only leak to the network if there is another bug somewhere else in the code that sends more data than is correct. Fortunately, in relay.c, where we allocate packed_cell_t in packed_cell_new() , we allocate it with tor_malloc_zero(), which clears the RAM, right before we call cell_pack. So those packed_cell_t.body bytes can't leak any information. That leaves the two calls to cell_pack() in connection_or.c, which use stack-alocated packed_cell_t instances. In or_handshake_state_record_cell(), we pass the cell's contents to crypto_digest_add_bytes(). When we do so, we get the number of bytes to pass using the same setting of wide_circ_ids as we passed to cell_pack(). So I believe that's safe. In connection_or_write_cell_to_buf(), we also use the same setting of wide_circ_ids in both calls. So I believe that's safe too. I introduced this bug with 1c0e87f6d8c7a0abdadf1b5cd9082c10abc7f4e2 back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591 | |||
| 2017-06-09 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-09 | Update geoip and geoip6 to the June 8 2017 database. | Karsten Loesing | |
| 2017-06-08 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| "ours" merge to avoid version bump. | |||
| 2017-06-08 | Add -dev to version number. | Nick Mathewson | |
| 2017-06-08 | Add -dev to version number. | Nick Mathewson | |
| 2017-06-08 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| "ours" merge to avoid version bump. | |||
| 2017-06-08 | bump to 0.2.5.14 | Nick Mathewson | |
| 2017-06-08 | Bump to 0.2.4.29 | Nick Mathewson | |
| 2017-06-08 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-08 | TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell | David Goulet | |
| On an hidden service rendezvous circuit, a BEGIN_DIR could be sent (maliciously) which would trigger a tor_assert() because connection_edge_process_relay_cell() thought that the circuit is an or_circuit_t but is an origin circuit in reality. Fixes #22494 Reported-by: Roger Dingledine <arma@torproject.org> Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2017-06-05 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-05 | Fix C89 warning (since Tor 0.2.4-5 still care about that.) | Nick Mathewson | |
| 2017-06-05 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-05 | Fix undefined behavior in geoip_parse_entry(). | Nick Mathewson | |
| Fixes bug 22490; bugfix on 6a241ff3ffe7dc1 in 0.2.4.6-alpha. Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope. | |||
| 2017-05-08 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-05-08 | Update geoip and geoip6 to the May 2 2017 database. | Karsten Loesing | |
| 2017-04-06 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-04-06 | Update geoip and geoip6 to the April 4 2017 database. | Karsten Loesing | |
| 2017-03-08 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-03-08 | Update geoip and geoip6 to the March 7 2017 database. | Karsten Loesing | |
| 2017-02-28 | Bump version to 0.2.5.13 | Nick Mathewson | |
| 2017-02-28 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| "ours" merge to avoid bumping version | |||
| 2017-02-28 | Bump to 0.2.4.28 | Nick Mathewson | |
| 2017-02-15 | Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5 | Nick Mathewson | |
| 2017-02-15 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-14 | Avoid integer underflow in tor_version_compare. | Nick Mathewson | |
| Fix for TROVE-2017-001 and bug 21278. (Note: Instead of handling signed ints "correctly", we keep the old behavior, except for the part where we would crash with -ftrapv.) | |||
| 2017-02-13 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Roger Dingledine | |
| 2017-02-13 | be sure to remember the changes file for #20384 | Roger Dingledine | |
| 2017-02-13 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-12 | Update geoip and geoip6 to the February 8 2017 database. | Karsten Loesing | |
| 2017-02-07 | Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-07 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-07 | Disable a log_backtrace (which 0.2.4 does not have) in 16248 fix | Nick Mathewson | |
| 2017-02-07 | Add comments to connection_check_event(). | Nick Mathewson | |
| 2017-02-07 | Change behavior on missing/present event to warn instead of asserting. | Nick Mathewson | |
| Add a changes file. | |||
| 2017-02-07 | If we start/stop reading on a dnsserv connection, don't assert. | Nick Mathewson | |
| Fixes bug 16248. Patch from cypherpunks. Bugfix on 0.2.0.1-alpha. | |||
| 2017-02-07 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-07 | Backport the tonga->bifroest move to 0.2.4. | Nick Mathewson | |
| This is a backport of 19728 and 19690 | |||
| 2017-02-07 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-07 | Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 | Nick Mathewson | |
| 2017-02-07 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-02-07 | Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 | Nick Mathewson | |
| 2017-02-07 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| aboutsummaryrefslogtreecommitdiff |