aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-02-14Merge branch 'bug20894_029_v3'Nick Mathewson
2017-02-14fixup! Don't atoi off the end of a buffer chunk.Nick Mathewson
Use STATIC.
2017-02-14Don't atoi off the end of a buffer chunk.Nick Mathewson
Fixes bug 20894; bugfix on 0.2.0.16-alpha. We already applied a workaround for this as 20834, so no need to freak out (unless you didn't apply 20384 yet).
2017-02-13Merge remote-tracking branch 'dgoulet/bug21116_030_01'Nick Mathewson
2017-02-13Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-13Merge branch 'maint-0.2.8' into maint-0.2.9Nick Mathewson
2017-02-13Merge branch 'maint-0.2.7' into maint-0.2.8Nick Mathewson
2017-02-13Merge branch 'maint-0.2.6' into maint-0.2.7Nick Mathewson
2017-02-13Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-13Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-12Update geoip and geoip6 to the February 8 2017 database.Karsten Loesing
2017-02-09whoops, removed a semicolon :(Nick Mathewson
2017-02-09One more prop271 XXX.Nick Mathewson
2017-02-09Update some more XXXXprop271 comments to refer to actual tickets or to be ↵Nick Mathewson
up-to-date
2017-02-09Remove an XXXprop271 comment: turns out we didn't need a tristateNick Mathewson
2017-02-09Change "prop271" in XXXXs about guard Ed identity to refer to #20872.Nick Mathewson
2017-02-09Remove a suggestion in an XXX271 comment; it is now 21424.Nick Mathewson
2017-02-09Remove an XXXprop271 comment that has been replaced by #21423Nick Mathewson
2017-02-09Revise an XXXprop271 comment -- it has been superseded by #21422Nick Mathewson
2017-02-09Remove an XXXprop271 comment -- it has been replaced by #21421Nick Mathewson
2017-02-09Remove a redundant XXX271 commentNick Mathewson
2017-02-08test: Add missing socket errno in test_util.cDavid Goulet
According to 21116, it seems to be needed for Wheezy Raspbian build. Also, manpage of socket(2) does confirm that this errno value should be catched as well in case of no support from the OS of IPv4 or/and IPv6. Fixes #21116 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-07Merge branch 'maint-0.2.6' into maint-0.2.7Nick Mathewson
2017-02-07Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-07Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5Nick Mathewson
2017-02-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-07Disable a log_backtrace (which 0.2.4 does not have) in 16248 fixNick Mathewson
2017-02-07Add comments to connection_check_event().Nick Mathewson
2017-02-07Change behavior on missing/present event to warn instead of asserting.Nick Mathewson
Add a changes file.
2017-02-07If we start/stop reading on a dnsserv connection, don't assert.Nick Mathewson
Fixes bug 16248. Patch from cypherpunks. Bugfix on 0.2.0.1-alpha.
2017-02-07Revert "Add hidserv-stats filname to our sandbox filter"Nick Mathewson
Reverting this in 0.2.6 only -- we're no backporting seccomp2-loosening fixes to 0.2.6. This reverts commit 2ec5e24c58a08816ed2f09c8bd6301599bc2f2f7.
2017-02-07Do not truncate too long hostnamesjunglefowl
If a hostname is supplied to tor-resolve which is too long, it will be silently truncated, resulting in a different hostname lookup: $ tor-resolve $(python -c 'print("google.com" + "m" * 256)') If tor-resolve uses SOCKS5, the length is stored in an unsigned char, which overflows in this case and leads to the hostname "google.com". As this one is a valid hostname, it returns an address instead of giving an error due to the invalid supplied hostname.
2017-02-07Merge branch 'teor_bug21357-v2_029' into maint-0.2.9Nick Mathewson
2017-02-07Merge branch 'bug21108_029' into maint-0.2.9Nick Mathewson
2017-02-07Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-07Backport the tonga->bifroest move to 0.2.4.Nick Mathewson
This is a backport of 19728 and 19690
2017-02-07Merge branch 'maint-0.2.6' into maint-0.2.7Nick Mathewson
2017-02-07Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-07Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4Nick Mathewson
2017-02-07Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2017-02-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-07Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4Nick Mathewson
2017-02-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2017-02-07Refine the memwipe() arguments check for 18089 a little more.Nick Mathewson
We still silently ignore memwipe(NULL, ch, 0); and memwipe(ptr, ch, 0); /* for ptr != NULL */ But we now assert on: memwipe(NULL, ch, 30);
2017-02-07Make memwipe() do nothing when passed a NULL pointer or zero sizeteor (Tim Wilson-Brown)
Check size argument to memwipe() for underflow. Closes bug #18089. Reported by "gk", patch by "teor". Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), commit 49dd5ef3 on 7 Nov 2012.
2017-02-07Fix out-of-bounds read in INTRODUCE2 client authJohn Brooks
The length of auth_data from an INTRODUCE2 cell is checked when the auth_type is recognized (1 or 2), but not for any other non-zero auth_type. Later, auth_data is assumed to have at least REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds read. Fixed by checking auth_len before comparing the descriptor cookie against known clients. Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-03Bump to 0.3.0.3-alpha-devNick Mathewson
2017-02-03Fix "make distcheck".Nick Mathewson
I had forgotten to include the fuzz_static_testcases.sh script in EXTRA_DIST.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion