| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-06-29 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-29 | Merge branch 'ticket22684' | Nick Mathewson | |
| 2017-06-28 | Changes file for bug22752 diagnostics | Nick Mathewson | |
| 2017-06-28 | Log real error message when unable to remove a storagedir file | Nick Mathewson | |
| Attempts to help diagnose 22752. | |||
| 2017-06-28 | Replace crash on missing handle in consdiffmgr with nonfatal assert | Nick Mathewson | |
| Attempts to mitigate 22752. | |||
| 2017-06-28 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-06-28 | Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-06-28 | Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| "ours" merge to avoid taking redundant ws fix | |||
| 2017-06-28 | whitespace fix | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| "Ours" merge to avoid taking backport of 21969 | |||
| 2017-06-28 | Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 | Nick Mathewson | |
| 2017-06-28 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-28 | Fix crash in LZMA module when the Sandbox is enabled. | Alexander Færøy | |
| This patch fixes a crash in our LZMA module where liblzma will allocate slightly more data than it is allowed to by its limit, which leads to a crash. See: https://bugs.torproject.org/22751 | |||
| 2017-06-28 | ed25519: Add changes file for #22746. | George Kadianakis | |
| 2017-06-28 | ed25519: Add tests blinding bad ed25519 pubkeys. | George Kadianakis | |
| 2017-06-28 | ed25519: Also check that retval in the ref10 implementation. | George Kadianakis | |
| 2017-06-28 | ed25519: Check retval of unpack_negative_vartime in donna. | George Kadianakis | |
| 2017-06-27 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-27 | Merge branch 'ahf_bugs_22702_squashed' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-27 | Add changes file for bug #22702. | Alexander Færøy | |
| See: https://bugs.torproject.org/22702 | |||
| 2017-06-27 | Return "304 not modified" if a client already have the most recent consensus. | Alexander Færøy | |
| This makes our directory code check if a client is trying to fetch a document that matches a digest from our latest consensus document. See: https://bugs.torproject.org/22702 | |||
| 2017-06-27 | Set published_out for consensus cache entries in ↵ | Alexander Færøy | |
| spooled_resource_estimate_size(). This patch ensures that the published_out output parameter is set to the current consensus cache entry's "valid after" field. See: https://bugs.torproject.org/22702 | |||
| 2017-06-27 | Merge branch 'asn_bug22006_final_squashed' | Nick Mathewson | |
| 2017-06-27 | no newlines in log messages. | Nick Mathewson | |
| 2017-06-27 | whitespace fix | Nick Mathewson | |
| 2017-06-27 | Merge branch 'asn_bug22006_final_squashed' | Nick Mathewson | |
| 2017-06-27 | ed25519: Dirauths validate router ed25519 pubkeys before pinning. | George Kadianakis | |
| 2017-06-27 | ed25519: Add unittests for ed25519 pubkey validation. | George Kadianakis | |
| 2017-06-27 | ed25519: Add func that checks for torsion component in pubkeys. | George Kadianakis | |
| See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html . | |||
| 2017-06-27 | Merge branch 'maint-0.2.8' into maint-0.2.9 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.2.7-redux' into maint-0.2.8 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.2.6' into maint-0.2.7-redux | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.2.5' into maint-0.2.6 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
| 2017-06-27 | Merge branch 'bug22737_024' into maint-0.2.4 | Nick Mathewson | |
| 2017-06-27 | Fix an errant memset() into the middle of a struct in cell_pack(). | Nick Mathewson | |
| This mistake causes two possible bugs. I believe they are both harmless IRL. BUG 1: memory stomping When we call the memset, we are overwriting two 0 bytes past the end of packed_cell_t.body. But I think that's harmless in practice, because the definition of packed_cell_t is: // ... typedef struct packed_cell_t { TOR_SIMPLEQ_ENTRY(packed_cell_t) next; char body[CELL_MAX_NETWORK_SIZE]; uint32_t inserted_time; } packed_cell_t; So we will overwrite either two bytes of inserted_time, or two bytes of padding, depending on how the platform handles alignment. If we're overwriting padding, that's safe. If we are overwriting the inserted_time field, that's also safe: In every case where we call cell_pack() from connection_or.c, we ignore the inserted_time field. When we call cell_pack() from relay.c, we don't set or use inserted_time until right after we have called cell_pack(). SO I believe we're safe in that case too. BUG 2: memory exposure The original reason for this memset was to avoid the possibility of accidentally leaking uninitialized ram to the network. Now remember, if wide_circ_ids is false on a connection, we shouldn't actually be sending more than 512 bytes of packed_cell_t.body, so these two bytes can only leak to the network if there is another bug somewhere else in the code that sends more data than is correct. Fortunately, in relay.c, where we allocate packed_cell_t in packed_cell_new() , we allocate it with tor_malloc_zero(), which clears the RAM, right before we call cell_pack. So those packed_cell_t.body bytes can't leak any information. That leaves the two calls to cell_pack() in connection_or.c, which use stack-alocated packed_cell_t instances. In or_handshake_state_record_cell(), we pass the cell's contents to crypto_digest_add_bytes(). When we do so, we get the number of bytes to pass using the same setting of wide_circ_ids as we passed to cell_pack(). So I believe that's safe. In connection_or_write_cell_to_buf(), we also use the same setting of wide_circ_ids in both calls. So I believe that's safe too. I introduced this bug with 1c0e87f6d8c7a0abdadf1b5cd9082c10abc7f4e2 back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591 | |||
| 2017-06-27 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-06-27 | Merge branch 'bug22719_031' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-27 | changes file for bug 22719 | Nick Mathewson | |
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| summaryrefslogtreecommitdiff |