Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-05-22 | and put those in the release notes tootor-0.3.3.6 | Roger Dingledine | |
2018-05-22 | 0.3.1.10 and 0.2.9.15 changelogs got left out too | Roger Dingledine | |
2018-05-22 | run nickm's format_changelog.py script | Roger Dingledine | |
2018-05-22 | a few more changelog fixes | Roger Dingledine | |
2018-05-22 | light cleanup, give them new blurbs | Roger Dingledine | |
2018-05-22 | include 0.3.2.10 blurbs in 0.3.3 changelogs | Roger Dingledine | |
so they aren't mysteriously missing from the tarballs/etc | |||
2018-05-22 | remove items from 0.3.3.6 that are already in 0.3.2.10 | Roger Dingledine | |
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
2018-05-22 | avoid a signed/unsigned comparison. | Nick Mathewson | |
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | Make the TROVE-2018-005 fix work with rust. | Nick Mathewson | |
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
2018-05-22 | uint breaks compilation on windows | Nick Mathewson | |
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | version bump to 0.3.3.6 | Nick Mathewson | |
2018-05-22 | add TROVE-2018-005 to changelog and releasenotes | Nick Mathewson | |
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | rust: Mirror TROVE-2018-005 fix in Rust protover implementation. | Isis Lovecruft | |
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the splitting/parsing logic in to a new `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that both `from_str()` and `from_str_any_len()` can call it.) * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to maintain compatibility with consensus methods older than 29. * ADD a limit on the number of characters in a protocol name. * FIXES part of #25517: https://bugs.torproject.org/25517 | |||
2018-05-22 | Merge branch 'trove-2018-005_032' into trove-2018-005_033 | Nick Mathewson | |
2018-05-22 | changes file for TROVE-2018-005 | Nick Mathewson | |
2018-05-22 | Add stdbool to protover.h. Only needed for the 032 backport | Nick Mathewson | |
2018-05-22 | vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. | Isis Lovecruft | |
2018-05-22 | protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing. | Isis Lovecruft | |
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of `proto_entry_t`s to their protocol name concatenated with each version number. For example, given a `proto_entry_t` like so: proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t)); proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa"); proto->ranges = smartlist_new(); range->low = 1; range->high = 65536; smartlist_add(proto->ranges, range); (Where `[19KB]` is roughly 19KB of `"a"` bytes.) This would expand in `expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the string, e.g.: "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1" "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2" […] "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535" Thus constituting a potential resource exhaustion attack. The Rust implementation is not subject to this attack, because it instead expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031, and a `HashMap<UnvalidatedProtocol, ProtoSet>` after). Neither Rust version is subject to this attack, because it only stores the `String` once per protocol. (Although a related, but apparently of too minor impact to be usable, DoS bug has been fixed in #24031. [0]) [0]: https://bugs.torproject.org/24031 * ADDS hard limit on protocol name lengths in protover.c and checks in parse_single_entry() and expand_protocol_list(). * ADDS tests to ensure the bug is caught. * FIXES #25517: https://bugs.torproject.org/25517 | |||
2018-05-22 | Move bug25145 entry into ChangeLog | Nick Mathewson | |
(It doesn't go into ReleaseNotes, since it's a bugfix on 0.3.3.2-alpha) | |||
2018-05-22 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-22 | Fix a crash bug when testing reachability | Nick Mathewson | |
Fixes bug 25415; bugfix on 0.3.3.2-alpha. | |||
2018-05-21 | Write a blurb for 0.3.3.6 | Nick Mathewson | |
2018-05-21 | 033 releasenotes: minor sorting | Nick Mathewson | |
2018-05-17 | Sort the entries in the 0.3.3.7 CL and RNs | Nick Mathewson | |
2018-05-17 | Start on releasenotes for 0.3.3.6 | Nick Mathewson | |
Here I've just concatenated the changelogs and removed the "bugfix on 0.3.3.x" entries. | |||
2018-05-17 | Begin work on a ChangeLog for 0.3.3.6 | Nick Mathewson | |
2018-05-16 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
2018-05-16 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
2018-05-16 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-16 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
2018-05-16 | Merge branch 'bug26072_029' into maint-0.2.9 | Nick Mathewson | |
2018-05-15 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-15 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
2018-05-15 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
2018-05-15 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
2018-05-15 | Update geoip and geoip6 to the May 1 2018 database. | Karsten Loesing | |
2018-05-14 | Add a missing return after marking a stream for bad connected cell | Nick Mathewson | |
Fixes bug 26072; bugfix on 0.2.4.7-alpha. | |||
2018-05-10 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-10 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
2018-05-10 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
2018-05-10 | Merge remote-tracking branch 'dgoulet/bug26069_031_01' into maint-0.3.1 | Nick Mathewson | |
2018-05-10 | Merge branch 'maint-0.3.3' into release-0.3.3 | Nick Mathewson | |
2018-05-10 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |