summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-02-24hs: Fix bad use of sizeof() when encoding ESTABLISH_INTRO legacy cellDavid Goulet
When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() on a pointer instead of using the real size of the destination buffer leading to an overflow passing an enormous value to the signing digest function. Fortunately, that value was only used to make sure the destination buffer length was big enough for the key size and in this case it always was because of the overflow. Fixes #21553 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-17Remove a redundant check in ..transition_affects_guards()Nick Mathewson
scan-build found that we we checking UseEntryGuards twice. Fixes bug 21492.
2017-02-17Merge branch 'maint-0.2.9' into maint-0.3.0Nick Mathewson
2017-02-17Check for micro < 0, rather than checking "minor" twice.Nick Mathewson
Bug found with clang scan-build. Fixes bug on f63e06d3dc6757d. Bug not present in any released Tor.
2017-02-15hs: Avoid a strlen(NULL) if descriptor is not found in cacheDavid Goulet
Instead of returning 404 error code, this led to a NULL pointer being used and thus a crash of tor. Fixes #21471 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-15Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-15whoops; make 21450 compileNick Mathewson
2017-02-15Merge branch 'bug21447'Nick Mathewson
2017-02-15Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-15Limit version numbers to 0...INT32_MAX.Nick Mathewson
Closes 21450; patch from teor.
2017-02-15Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-15Merge branch 'maint-0.2.8' into maint-0.2.9Nick Mathewson
2017-02-15Merge branch 'maint-0.2.7' into maint-0.2.8Nick Mathewson
2017-02-15Merge branch 'maint-0.2.6' into maint-0.2.7maint-0.2.7Nick Mathewson
2017-02-15Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-15Merge branch 'maint-0.2.8' of git-rw.torproject.org:/tor into maint-0.2.8Nick Mathewson
2017-02-15Merge branch 'maint-0.2.7' of git-rw.torproject.org:/tor into maint-0.2.7Nick Mathewson
2017-02-15Merge branch 'maint-0.2.6' of git-rw.torproject.org:/tor into maint-0.2.6Nick Mathewson
2017-02-15Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5Nick Mathewson
2017-02-15Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-15Merge branch 'bug21278_extra_029' into maint-0.2.9Nick Mathewson
2017-02-15Merge branch 'bug21278_redux_029_squashed' into maint-0.2.9Nick Mathewson
2017-02-15Merge branch 'maint-0.2.8' into maint-0.2.9Nick Mathewson
2017-02-15Merge branch 'maint-0.2.7' into maint-0.2.8Nick Mathewson
2017-02-15Merge branch 'maint-0.2.6' into maint-0.2.7Nick Mathewson
2017-02-15Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-15Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-15give tor_version_parse_platform some function documentationRoger Dingledine
2017-02-15When examining descriptors as a dirserver, reject ones with bad versionsNick Mathewson
This is an extra fix for bug 21278: it ensures that these descriptors and platforms will never be listed in a legit consensus.
2017-02-15Extract the part of tor_version_as_new_as that extracts platformNick Mathewson
Also add a "strict" mode to reject negative inputs.
2017-02-14Merge remote-tracking branch 'dgoulet/ticket20656_030_01'Nick Mathewson
2017-02-14Merge branch 'bug20894_029_v3'Nick Mathewson
2017-02-14Rename make fuzz to make test-fuzz-corporaNick Mathewson
2017-02-14fixup! Don't atoi off the end of a buffer chunk.Nick Mathewson
Use STATIC.
2017-02-14fixup! Don't atoi off the end of a buffer chunk.Nick Mathewson
Credit AFL in the changes file.
2017-02-14Don't atoi off the end of a buffer chunk.Nick Mathewson
Fixes bug 20894; bugfix on 0.2.0.16-alpha. We already applied a workaround for this as 20834, so no need to freak out (unless you didn't apply 20384 yet).
2017-02-14changes file for removing compare-by-subtraction patternNick Mathewson
2017-02-14Prevent int underflow in dirvote.c compare_vote_rs_.Nick Mathewson
This should be "impossible" without making a SHA1 collision, but let's not keep the assumption that SHA1 collisions are super-hard. This prevents another case related to 21278. There should be no behavioral change unless -ftrapv is on.
2017-02-14Fix policies.c instance of the "if (r=(a-b)) return r" patternNick Mathewson
I think this one probably can't underflow, since the input ranges are small. But let's not tempt fate. This patch also replaces the "cmp" functions here with just "eq" functions, since nothing actually checked for anything besides 0 and nonzero. Related to 21278.
2017-02-14Avoid integer underflow in tor_version_compare.Nick Mathewson
Fix for TROVE-2017-001 and bug 21278. (Note: Instead of handling signed ints "correctly", we keep the old behavior, except for the part where we would crash with -ftrapv.)
2017-02-14protover: Add new version for prop224 for HSIntro/HSDirDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-13Merge remote-tracking branch 'dgoulet/bug21116_030_01'Nick Mathewson
2017-02-13Merge branch 'maint-0.2.9'Roger Dingledine
2017-02-13Merge branch 'maint-0.2.8' into maint-0.2.9Roger Dingledine
2017-02-13Merge branch 'maint-0.2.7' into maint-0.2.8Roger Dingledine
2017-02-13Merge branch 'maint-0.2.6' into maint-0.2.7Roger Dingledine
2017-02-13Merge branch 'maint-0.2.5' into maint-0.2.6Roger Dingledine
2017-02-13Merge branch 'maint-0.2.4' into maint-0.2.5Roger Dingledine
2017-02-13be sure to remember the changes file for #20384Roger Dingledine
2017-02-13Merge branch 'maint-0.2.9'Nick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion