Age | Commit message | Author |
|
|
Fixes bug 22490; bugfix on 6a241ff3ffe7dc1 in 0.2.4.6-alpha.
Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
|
|
Fix for TROVE-2017-001 and bug 21278.
(Note: Instead of handling signed ints "correctly", we keep the old
behavior, except for the part where we would crash with -ftrapv.)
|
|
Add a changes file.
|
|
Fixes bug 16248. Patch from cypherpunks. Bugfix on 0.2.0.1-alpha.
|
|
This is a backport of 19728 and 19690
|
|
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.
Fixed by checking auth_len before comparing the descriptor cookie
against known clients.
Fixes #15823; bugfix on 0.2.1.6-alpha.
|
|
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
|
|
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
|
|
It had been a directory authority since 0.2.1.20.
|
|
This new identity key was changed on 18 November 2015.
|
|
There was a dead check when we made sure that an array member of a
struct was non-NULL. Tor has been doing this check since at least
0.2.3, maybe earlier.
Fixes bug 17781.
|
|
In theory these should never be triggered as the only caller now
validates the parameters before this routine gets called.
|
|
Found by DonnchaC.
|
|
Fixes bug 15600; reported by skruffy
|
|
|
(Sending a nak would be pointless.)
See ticket 15515 for discussion.
|
|
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.
Patch from 'cypherpunks'
|
|
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.
Fixes bug 14129. Bugfix on 0d20fee2fbd48978, which was in 0.0.7rc1.
jowr found the bug. cypherpunks wrote the fix. I added the log
message and removed the assert.
|
|
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.
Fixes bug 13151; bugfix on 0.2.1.5-alpha.
|
|
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
|
|
Roger spotted this on tor-dev in his comments on proposal 221.
(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
|
|
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
|
|
When specified, it overrides our default of 3 entry guards.
(By default, it overrides the number of directory guards too.)
Implements ticket 12688.
|
|
Conflicts:
src/or/microdesc.c
|
|
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
|
|
On #9686, gmorehose reports that the 500 MB lower limit is too high
for Raspberry Pi users.
This is a backport of 647248729fa65f0e51d062e2af8f4e8b38592bf5 to 0.2.4.
Note that in 0.2.4, the option is called MaxMemInCellQueues.
|
|
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak. This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.
Fixes bug 11618; bugfix on 0.2.2.6-alpha.
|
|
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
|
|