| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-12 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-12 | Add IPv6 orport address for dannenberg. | Linus Nordberg | |
| 2018-06-08 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-08 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-08 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-08 | Avoid out-of-bounds smartlist access in protover_compute_vote() | rl1987 | |
| and contract_protocol_list() | |||
| 2018-06-02 | Merge branch 'bug26121-033-squashed' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-02 | Bug 26121: Improve BUILDTIMEOUT_SET accuracy. | Mike Perry | |
| We were miscounting the total number of circuits for the TIMEOUT_RATE and CLOSE_RATE fields of this event. | |||
| 2018-05-27 | Merge remote-tracking branch 'public/bug25691_033_again_squashed' into ↵ | Nick Mathewson | |
| maint-0.3.3 | |||
| 2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-22 | avoid a signed/unsigned comparison. | Nick Mathewson | |
| 2018-05-22 | Make the TROVE-2018-005 fix work with rust. | Nick Mathewson | |
| 2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-22 | uint breaks compilation on windows | Nick Mathewson | |
| 2018-05-22 | Merge branch 'trove-2018-005_032' into trove-2018-005_033 | Nick Mathewson | |
| 2018-05-22 | Add stdbool to protover.h. Only needed for the 032 backport | Nick Mathewson | |
| 2018-05-22 | vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. | Isis Lovecruft | |
| 2018-05-22 | protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing. | Isis Lovecruft | |
| In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of `proto_entry_t`s to their protocol name concatenated with each version number. For example, given a `proto_entry_t` like so: proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t)); proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa"); proto->ranges = smartlist_new(); range->low = 1; range->high = 65536; smartlist_add(proto->ranges, range); (Where `[19KB]` is roughly 19KB of `"a"` bytes.) This would expand in `expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the string, e.g.: "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1" "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2" […] "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535" Thus constituting a potential resource exhaustion attack. The Rust implementation is not subject to this attack, because it instead expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031, and a `HashMap<UnvalidatedProtocol, ProtoSet>` after). Neither Rust version is subject to this attack, because it only stores the `String` once per protocol. (Although a related, but apparently of too minor impact to be usable, DoS bug has been fixed in #24031. [0]) [0]: https://bugs.torproject.org/24031 * ADDS hard limit on protocol name lengths in protover.c and checks in parse_single_entry() and expand_protocol_list(). * ADDS tests to ensure the bug is caught. * FIXES #25517: https://bugs.torproject.org/25517 | |||
| 2018-05-22 | Fix a crash bug when testing reachability | Nick Mathewson | |
| Fixes bug 25415; bugfix on 0.3.3.2-alpha. | |||
| 2018-05-16 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-16 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-16 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-05-14 | Add a missing return after marking a stream for bad connected cell | Nick Mathewson | |
| Fixes bug 26072; bugfix on 0.2.4.7-alpha. | |||
| 2018-05-10 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-10 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-10 | hs-v3: Add an extra white-space when parsing descriptor | David Goulet | |
| The specification describes the signature token to be right after a newline (\n) then the token "signature" and then a white-space followed by the encoded signature. This commit makes sure that when we parse the signature from the descriptor, we are always looking for that extra white-space at the end of the token. It will allow us also to support future fields that might start with "signature". Fixes #26069 Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2018-05-10 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-10 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-10 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-05-09 | Having a ControlPort open doesn't mean we are a client | David Goulet | |
| The any_client_port_set() returns true if the ControlPort is set which is wrong because we can have that port open but still not behave as a tor client (like many relays for instance). Fixes #26062 Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2018-05-09 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-09 | Merge remote-tracking branch 'asn-github/bug25761_032' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-09 | Detect when v3 services get disabled after HUP. | George Kadianakis | |
| Remove v3 optimization which made Tor not detect disabling services. This optimization is not so needed because we only call that function after HUP anyway. Fixes bug #25761. | |||
| 2018-05-09 | Detect when v2 services get disabled after HUP. | George Kadianakis | |
| During service configuration, rend_service_prune_list_impl_() sets rend_service_staging_list to NULL, which blocked pruning after a HUP. This patch initializes rend_service_staging_list when needed, so that HUP can detect disabled onion services. Fixes bug #25761. | |||
| 2018-05-07 | Merge remote-tracking branch 'mikeperry/bug25733_029' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-02 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-02 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-05-02 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-02 | Stop logging stack contents when reading a zero-length bandwidth file | teor | |
| When directory authorities read a zero-byte bandwidth file, they log a warning with the contents of an uninitialised buffer. Log a warning about the empty file instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. | |||
| 2018-04-26 | Bug 25733: Avoid assert failure if all circuits time out. | Mike Perry | |
| Prior to #23100, we were not counting HS circuit build times in our calculation of the timeout. This could lead to a condition where our timeout was set too low, based on non HS circuit build times, and then we would abandon all HS circuits, storing no valid timeouts in the histogram. This commit avoids the assert. | |||
| 2018-04-25 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-04-25 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-04-25 | Fix a copy-paste error in the fix for #23693. | Nick Mathewson | |
| Found by coverity; CID 25912; bug not in any released Tor. | |||
| 2018-04-24 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-04-24 | Merge remote-tracking branch 'dgoulet/bug25901_032_01' into maint-0.3.2 | Nick Mathewson | |
| 2018-04-24 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-04-24 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-04-23 | hs: Fix memleak in v3 on SIGHUP | David Goulet | |
| Fixes #25901 Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| summaryrefslogtreecommitdiff |