aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2010-12-15Make payloads into uint8_t.Nick Mathewson
This will avoid some signed/unsigned assignment-related bugs.
2010-12-13Have all of our allocation functions and a few others check for underflowNick Mathewson
It's all too easy in C to convert an unsigned value to a signed one, which will (on all modern computers) give you a huge signed value. If you have a size_t value of size greater than SSIZE_T_MAX, that is way likelier to be an underflow than it is to be an actual request for more than 2gb of memory in one go. (There's nothing in Tor that should be trying to allocate >2gb chunks.)
2010-12-13Base SIZE_T_CEILING on SSIZE_T_MAX.Nick Mathewson
2010-11-23Fix compilation with mingw and OpenSSL 0.9.8m+mingw-san
2010-11-23Use S_CASE for ehostunreach, not E_CASE. Partial backport of 69deb22f. Fixes ↵Nick Mathewson
0.2.1 compilation on windows
2010-11-21Merge branch 'fix2204' into maint-0.2.1Nick Mathewson
2010-11-20Do not set the hostname TLS extension server-side; only client-sideNick Mathewson
This may fix bug 2204, and resolve the incompatibility with openssl 0.9.8p/1.0.0b.
2010-11-12Disable logging to control port connections in buf_shrink_freelists.Robert Ransom
If buf_shrink_freelists calls log_warn for some reason, we don't want the log call itself to throw buf_shrink_freelists further off the rails.
2010-11-12Move the original log_info call out of the core of buf_shrink_freelists.Robert Ransom
Sending a log message to a control port can cause Tor to allocate a buffer, thereby changing the length of the freelist behind buf_shrink_freelists's back, thereby causing an assertion to fail. Fixes bug #1125.
2010-11-11let unpublished bridges learn their ip address tooRoger Dingledine
2010-11-10Enforce multiplicity rules when parsing annotations.Nick Mathewson
We would never actually enforce multiplicity rules when parsing annotations, since the counts array never got entries added to it for annotations in the token list that got added by earlier calls to tokenize_string. Found by piebeer.
2010-11-10Fix a bug where seting allow_annotations==0 only ignores annotations, but ↵Nick Mathewson
does not block them
2010-10-04Update to the October 1 2010 Maxmind GeoLite Country database.Karsten Loesing
2010-09-28actually retry bridges when your network goes awayRoger Dingledine
2010-09-08Merge remote branch 'karsten/geoip-sep2010' into maint-0.2.1Nick Mathewson
2010-09-08Remove a needless keep_open_until_flushedNick Mathewson
2010-09-08Update to the September 1 2010 Maxmind GeoLite Country database.Karsten Loesing
2010-09-03Close a non-open OR connection *only* after KeepalivePeriod.Nick Mathewson
When we introduced the code to close non-open OR connections after KeepalivePeriod had passed, we replaced some code that said if (!connection_is_open(conn)) { /* let it keep handshaking forever */ } else if (do other tests here) { ... with new code that said if (!connection_is_open(conn) && past_keepalive) { /* let it keep handshaking forever */ } else if (do other tests here) { ... This was a mistake, since it made all the other tests start applying to non-open connections, thus causing bug 1840, where non-open connections get closed way early. Fixes bug 1840. Bugfix on 0.2.1.26 (commit 67b38d50).
2010-08-18Backport END_STREAM_REASON_NOROUTE for client use.Sebastian Hahn
(Partial backport of 150ed553dfce9, 161b275028e90, and 4c948ffd6.)
2010-08-17Merge branch 'bug1141_v3' into maint-0.2.1Nick Mathewson
2010-08-17Scale CONSENSUS_MIN_SECONDS_BEFORE_CACHING by voting intervalNick Mathewson
If the voting interval was short enough, the two-minutes delay of CONSENSUS_MIN_SECONDS_BEFORE_CACHING would confuse bridges to the point where they would assert before downloading a consensus. It it was even shorter (<4 minutes, I think), caches would assert too. This patch fixes that by having replacing the two-minutes value with MIN(2 minutes, interval/16). Bugfix for 1141; the cache bug could occur since 0.2.0.8-alpha, so I'm calling this a bugfix on that. Robert Hogan diagnosed this. Done as a patch against maint-0.2.1, since it makes it hard to run some kinds of testing networks.
2010-08-03Update to the August 1 2010 Maxmind GeoLite Country database.Karsten Loesing
2010-06-11Add maatuska as eighth v3 directory authority.Karsten Loesing
2010-06-07Update to June 1 2010 Maxmind GeoLite Country database.Karsten Loesing
2010-05-06move to maxmind geoip dbRoger Dingledine
2010-04-23close idle tls conns earlyRoger Dingledine
2010-04-23finally get rid of "clique mode"Roger Dingledine
2010-04-23close idle dir-fetch circs earlyRoger Dingledine
2010-04-13Fix renegotiation on OpenSSL versions that backport RFC5746.Nick Mathewson
Our code assumed that any version of OpenSSL before 0.9.8l could not possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. This is so... except that many vendors have backported the flag from later versions of openssl when they backported the RFC5476 renegotiation feature. The new behavior is particularly annoying to detect. Previously, leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that clients would fail to renegotiate. People noticed that one fast! Now, OpenSSL's RFC5476 support means that clients will happily talk to any servers there are, but servers won't accept renegotiation requests from unpatched clients unless SSL_OP_ALLOW_etc is set. More fun: servers send back a "no renegotiation for you!" error, which unpatched clients respond to by stalling, and generally producing no useful error message. This might not be _the_ cause of bug 1346, but it is quite likely _a_ cause for bug 1346.
2010-04-12testsuite: Prevent the main thread from starving the worker threadsPeter Palfrader
2010-04-12testsuite: Only free the main mutex when and if all the worker threads are donePeter Palfrader
2010-04-03fetch relay descriptors from v3 authoritiesRoger Dingledine
2010-03-15bump to 0.2.1.25Roger Dingledine
it's perfect, let's ship it
2010-03-06clean up the 0.2.1.25 changelogRoger Dingledine
2010-03-04Apply Roger's bug 1269 fix.Nick Mathewson
From http://archives.seul.org/tor/relays/Mar-2010/msg00006.html : As I understand it, the bug should show up on relays that don't set Address to an IP address (so they need to resolve their Address line or their hostname to guess their IP address), and their hostname or Address line fails to resolve -- at that point they'll pick a random 4 bytes out of memory and call that their address. At the same time, relays that *do* successfully resolve their address will ignore the result, and only come up with a useful address if their interface address happens to be a public IP address.
2010-03-02Backport fix for time-goes-forward test. Fix bug 1267Nick Mathewson
2010-02-27Update Tor Project copyright yearsNick Mathewson
2010-02-27Properly handle non-terminated stringsSebastian Hahn
Treat strings returned from signed_descriptor_get_body_impl() as not NUL-terminated. Since the length of the strings is available, this is not a big problem. Discovered by rieo.
2010-02-26Proper NULL checking in circuit_list_path_impl()Sebastian Hahn
Another dereference-then-NULL-check sequence. No reports of this bug triggered in the wild. Fixes bugreport 1256. Thanks to ekir for discovering and reporting this bug.
2010-02-26Proper NULL checking for hsdesc publicationSebastian Hahn
Fix a dereference-then-NULL-check sequence. This bug wasn't triggered in the wild, but we should fix it anyways in case it ever happens. Also make sure users get a note about this being a bug when they see it in their log. Thanks to ekir for discovering and reporting this bug.
2010-02-26Zero a cipher completely before freeing itSebastian Hahn
We used to only zero the first ptrsize bytes of the cipher. Since cipher is large enough, we didn't zero too many bytes. Discovered and fixed by ekir. Fixes bug 1254.
2010-02-21bump to 0.2.1.24Roger Dingledine
2010-02-18Bump version to 0.2.1.23-devNick Mathewson
2010-02-18Fix compileSebastian Hahn
2010-02-17Even more conservative option-setting for SSL renegotiation.Nick Mathewson
This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every version before OpenSSL 0.9.8l. I can confirm that the option value (0x0010) wasn't reused until OpenSSL 1.0.0beta3.
2010-02-12new dannenberg address; make moria2's demise official.Roger Dingledine
2010-02-12prepare for 0.2.1.23Roger Dingledine
2010-02-08Don't use gethostbyname() in resolve_my_address()Sebastian Hahn
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically. Bug 1244 occured because gethostbyname() returned an ipv6 address, which Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
2010-02-07lookup_last_hid_serv_request() could overflow and leak memorySebastian Hahn
The problem was that we didn't allocate enough memory on 32-bit platforms with 64-bit time_t. The memory leak occured every time we fetched a hidden service descriptor we've fetched before.
2010-01-31Revise OpenSSL fix to work with OpenSSL 1.0.0beta*Nick Mathewson
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l, and you mustn't use the SSL_OP solution with anything before 0.9.8m, and you get in _real_ trouble if you try to set the flag in 1.0.0beta, since they use it for something different. For the ugly version, see my long comment in tortls.c