summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-05-22and put those in the release notes tootor-0.3.3.6Roger Dingledine
2018-05-220.3.1.10 and 0.2.9.15 changelogs got left out tooRoger Dingledine
2018-05-22run nickm's format_changelog.py scriptRoger Dingledine
2018-05-22a few more changelog fixesRoger Dingledine
2018-05-22light cleanup, give them new blurbsRoger Dingledine
2018-05-22include 0.3.2.10 blurbs in 0.3.3 changelogsRoger Dingledine
so they aren't mysteriously missing from the tarballs/etc
2018-05-22remove items from 0.3.3.6 that are already in 0.3.2.10Roger Dingledine
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22Merge branch 'trove-2018-005_032' into maint-0.3.3Nick Mathewson
2018-05-22avoid a signed/unsigned comparison.Nick Mathewson
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22Make the TROVE-2018-005 fix work with rust.Nick Mathewson
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22Merge branch 'trove-2018-005_032' into maint-0.3.3Nick Mathewson
2018-05-22uint breaks compilation on windowsNick Mathewson
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22version bump to 0.3.3.6Nick Mathewson
2018-05-22add TROVE-2018-005 to changelog and releasenotesNick Mathewson
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22rust: Mirror TROVE-2018-005 fix in Rust protover implementation.Isis Lovecruft
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the splitting/parsing logic in to a new `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that both `from_str()` and `from_str_any_len()` can call it.) * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to maintain compatibility with consensus methods older than 29. * ADD a limit on the number of characters in a protocol name. * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22Merge branch 'trove-2018-005_032' into trove-2018-005_033Nick Mathewson
2018-05-22changes file for TROVE-2018-005Nick Mathewson
2018-05-22Add stdbool to protover.h. Only needed for the 032 backportNick Mathewson
2018-05-22vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote.Isis Lovecruft
2018-05-22protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.Isis Lovecruft
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of `proto_entry_t`s to their protocol name concatenated with each version number. For example, given a `proto_entry_t` like so: proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t)); proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa"); proto->ranges = smartlist_new(); range->low = 1; range->high = 65536; smartlist_add(proto->ranges, range); (Where `[19KB]` is roughly 19KB of `"a"` bytes.) This would expand in `expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the string, e.g.: "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1" "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2" […] "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535" Thus constituting a potential resource exhaustion attack. The Rust implementation is not subject to this attack, because it instead expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031, and a `HashMap<UnvalidatedProtocol, ProtoSet>` after). Neither Rust version is subject to this attack, because it only stores the `String` once per protocol. (Although a related, but apparently of too minor impact to be usable, DoS bug has been fixed in #24031. [0]) [0]: https://bugs.torproject.org/24031 * ADDS hard limit on protocol name lengths in protover.c and checks in parse_single_entry() and expand_protocol_list(). * ADDS tests to ensure the bug is caught. * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22Move bug25145 entry into ChangeLogNick Mathewson
(It doesn't go into ReleaseNotes, since it's a bugfix on 0.3.3.2-alpha)
2018-05-22Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-22Fix a crash bug when testing reachabilityNick Mathewson
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-21Write a blurb for 0.3.3.6Nick Mathewson
2018-05-21033 releasenotes: minor sortingNick Mathewson
2018-05-17Sort the entries in the 0.3.3.7 CL and RNsNick Mathewson
2018-05-17Start on releasenotes for 0.3.3.6Nick Mathewson
Here I've just concatenated the changelogs and removed the "bugfix on 0.3.3.x" entries.
2018-05-17Begin work on a ChangeLog for 0.3.3.6Nick Mathewson
2018-05-16Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2018-05-16Merge branch 'maint-0.3.2' into maint-0.3.3Nick Mathewson
2018-05-16Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-16Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-05-16Merge branch 'bug26072_029' into maint-0.2.9Nick Mathewson
2018-05-15Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-15Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2018-05-15Merge branch 'maint-0.3.2' into maint-0.3.3Nick Mathewson
2018-05-15Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-05-15Update geoip and geoip6 to the May 1 2018 database.Karsten Loesing
2018-05-14Add a missing return after marking a stream for bad connected cellNick Mathewson
Fixes bug 26072; bugfix on 0.2.4.7-alpha.
2018-05-10Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-10Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2018-05-10Merge branch 'maint-0.3.2' into maint-0.3.3Nick Mathewson
2018-05-10Merge remote-tracking branch 'dgoulet/bug26069_031_01' into maint-0.3.1Nick Mathewson
2018-05-10Merge branch 'maint-0.3.3' into release-0.3.3Nick Mathewson
2018-05-10Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion