summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-18Fix parsing bug with unecognized token at EOSNick Mathewson
In get_token(), we could read one byte past the end of the region. This is only a big problem in the case where the region itself is (a) potentially hostile, and (b) not explicitly nul-terminated. This patch fixes the underlying bug, and also makes sure that the one remaining case of not-NUL-terminated potentially hostile data gets NUL-terminated. Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-09Update geoip and geoip6 to the December 7 2016 database.Karsten Loesing
2016-11-07Update geoip and geoip6 to the November 3 2016 database.Karsten Loesing
2016-10-05Update geoip and geoip6 to the October 6 2016 database.Karsten Loesing
2016-09-07Update geoip and geoip6 to the September 6 2016 database.Karsten Loesing
2016-08-12Update geoip and geoip6 to the August 2 2016 database.Karsten Loesing
2016-07-18Update geoip and geoip6 to the July 6 2016 database.Karsten Loesing
2016-07-05whoops. changelog file for 19271.Nick Mathewson
2016-07-03Remove urras as a default trusted directory authoritySebastian Hahn
It had been a directory authority since 0.2.1.20.
2016-06-12Update geoip and geoip6 to the June 7 2016 database.Karsten Loesing
2016-05-09Update geoip and geoip6 to the May 4 2016 database.Karsten Loesing
2016-04-07Update geoip and geoip6 to the April 5 2016 database.Karsten Loesing
2016-03-04Update geoip and geoip6 to the March 3 2016 database.Karsten Loesing
2016-02-11Merge branch 'bug18162_024' into maint-0.2.4Nick Mathewson
2016-02-11Make ensure_capacity a bit more pedantically correctNick Mathewson
Issues noted by cypherpunks on #18162
2016-02-04Update geoip and geoip6 to the February 2 2016 database.Karsten Loesing
2016-01-27avoid integer overflow in and around smartlist_ensure_capacity.Nick Mathewson
This closes bug 18162; bugfix on a45b1315909c9, which fixed a related issue long ago. In addition to the #18162 issues, this fixes a signed integer overflow in smarltist_add_all(), which is probably not so great either.
2016-01-07Update dannenberg's V3 authority identity fingerprintteor (Tim Wilson-Brown)
This new identity key was changed on 18 November 2015.
2016-01-07Update geoip and geoip6 to the January 5 2016 database.Karsten Loesing
2015-12-08Merge branch 'bug17772_024' into maint-0.2.4Nick Mathewson
2015-12-08Ensure node is a guard candidate when picking a directory guardArlo Breault
2015-12-08Fix a compilation warning introduced by clang 3.6Nick Mathewson
There was a dead check when we made sure that an array member of a struct was non-NULL. Tor has been doing this check since at least 0.2.3, maybe earlier. Fixes bug 17781.
2015-12-05Update geoip and geoip6 to the December 1 2015 database.Karsten Loesing
2015-10-09Update geoip and geoip6 to the October 9 2015 database.Karsten Loesing
2015-09-24Update geoip and geoip6 to the September 3 2015 database.Karsten Loesing
2015-07-29Update geoip and geoip6 to the July 8 2015 database.Karsten Loesing
2015-06-25Merge remote-tracking branch 'karsten/geoip6-jun2015' into maint-0.2.4Nick Mathewson
2015-06-25Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson
2015-06-09Update geoip6 to the June 3 2015 database.Karsten Loesing
2015-06-09Update geoip to the June 3 2015 database.maint-0.2.3Karsten Loesing
2015-04-27Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4Nick Mathewson
2015-04-27Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson
2015-04-24Update geoip6 to the April 8 2015 database.Karsten Loesing
2015-04-24Update geoip to the April 8 2015 database.Karsten Loesing
2015-04-06Bump 0.2.4 version more placesNick Mathewson
2015-04-06Bump 0.2.4 versionNick Mathewson
2015-04-06Changes file for bug15601Nick Mathewson
2015-04-06Handle empty/zero length encoded intro points more gracefully.Yawning Angel
In theory these should never the triggered as the only caller now validates the parameters before this routine gets called.
2015-04-06Treat empty introduction points sections as missing.Yawning Angel
Found by DonnchaC.
2015-04-06Validate the RSA key size received when parsing INTRODUCE2 cells.Yawning Angel
Fixes bug 15600; reported by skruffy
2015-04-03Merge branch 'bug15515_024' into maint-0.2.4Nick Mathewson
2015-04-03... and if we do get multiple INTRODUCE1s on a circuit, kill the circuitGeorge Kadianakis
(Sending a nak would be pointless.) See ticket 15515 for discussion.
2015-04-03Block multiple introductions on the same intro circuit.George Kadianakis
2015-03-12Bump 0.2.4 version.Nick Mathewson
2015-03-09Merge remote-tracking branch 'karsten/geoip6-mar2015' into maint-0.2.4Nick Mathewson
2015-03-09Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson
2015-03-09Update geoip6 to the March 3 2015 database.Karsten Loesing
2015-03-09Update geoip to the March 3 2015 database.Karsten Loesing
2015-03-09Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson
2015-03-09Adjust changes headerNick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion