| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-20 | fix memory leak in protover.c | Roger Dingledine | |
| Fix a memory leak where directory authorities would leak a chunk of memory for every router descriptor every time they considered voting. This bug was taking down directory authorities in the live network due to out-of-memory issues. Fixes bug 26435; bugfix on 0.3.3.6. | |||
| 2018-06-16 | Fix a bug in my fix for #26258 | Nick Mathewson | |
| The fix here is use a different bourne shell subsitution for CARGO_ONLINE, so that an empty string counts as set. | |||
| 2018-06-14 | Merge remote-tracking branch 'public/bug26258_033' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-13 | squash! Make sure that the test_rust.sh script fails when a test fails | Nick Mathewson | |
| Also make sure that we're actually running the test from within the right cwd, like we do when we're building. This seems necessary to avoid an error when running offline. Amusingly, it appears that we had this bug before: we just weren't noticing it, because of bug 26258. | |||
| 2018-06-13 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-13 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-13 | Merge branch 'bug26158_031' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-13 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-13 | Merge branch 'bug25686_diagnostic_032' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-12 | bump to 0.3.3.7-dev | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-12 | Add IPv6 orport address for dannenberg. | Linus Nordberg | |
| 2018-06-12 | Bump to 0.3.3.7 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-12 | Merge remote-tracking branch 'teor/bug26272-031' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-12 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-11 | Several attempts to diagnose ticket 25686 | Nick Mathewson | |
| There are a few reasons that relays might be uploading desciptors without saying X-Desc-Gen-Reason: 1. They are running an old version of our software, before 0.3.2.stable. 2. They are not running our software, but they are claiming they are. 3. They are uploading through a proxy that strips X-Desc-Gen-Reason. 4. They somehow had a bug in their software. According to the 25686 data, 1 is the most common reason. This ticket is an attempt to diagnose case 4, or prove that case 4 doesn't actually happen. | |||
| 2018-06-11 | Update geoip and geoip6 to the June 7 2018 database. | Karsten Loesing | |
| 2018-06-08 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-08 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-06-08 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-06-08 | Avoid out-of-bounds smartlist access in protover_compute_vote() | rl1987 | |
| and contract_protocol_list() | |||
| 2018-06-02 | Silence unused-const-variable warnings in zstd.h on some gcc versions | teor | |
| Fixes bug 26272; bugfix on 0.3.1.1-alpha. | |||
| 2018-06-02 | Merge branch 'bug26121-033-squashed' into maint-0.3.3 | Nick Mathewson | |
| 2018-06-02 | Bug 26121: Improve BUILDTIMEOUT_SET accuracy. | Mike Perry | |
| We were miscounting the total number of circuits for the TIMEOUT_RATE and CLOSE_RATE fields of this event. | |||
| 2018-05-31 | Make sure that the test_rust.sh script fails when a test fails | Nick Mathewson | |
| Exit codes from find(1) seem not to be so reliable as we had hoped. Closes ticket 26258; bugfix on 0.3.3.4-alpha when we fixed #25560 | |||
| 2018-05-27 | Merge remote-tracking branch 'public/bug25691_033_again_squashed' into ↵ | Nick Mathewson | |
| maint-0.3.3 | |||
| 2018-05-24 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-05-24 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-05-24 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-24 | Merge branch 'bug26116_033' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-24 | Merge branch 'bug26116_029' into maint-0.2.9 | Nick Mathewson | |
| 2018-05-24 | Add a unit test for PEM-encrypted documents. | Nick Mathewson | |
| 2018-05-22 | Update version to 0.3.3.6-dev | Nick Mathewson | |
| 2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-22 | avoid a signed/unsigned comparison. | Nick Mathewson | |
| 2018-05-22 | Make the TROVE-2018-005 fix work with rust. | Nick Mathewson | |
| 2018-05-22 | Merge branch 'trove-2018-005_032' into maint-0.3.3 | Nick Mathewson | |
| 2018-05-22 | uint breaks compilation on windows | Nick Mathewson | |
| 2018-05-22 | version bump to 0.3.3.6 | Nick Mathewson | |
| 2018-05-22 | rust: Mirror TROVE-2018-005 fix in Rust protover implementation. | Isis Lovecruft | |
| * REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the splitting/parsing logic in to a new `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that both `from_str()` and `from_str_any_len()` can call it.) * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to maintain compatibility with consensus methods older than 29. * ADD a limit on the number of characters in a protocol name. * FIXES part of #25517: https://bugs.torproject.org/25517 | |||
| 2018-05-22 | Merge branch 'trove-2018-005_032' into trove-2018-005_033 | Nick Mathewson | |
| 2018-05-22 | Add stdbool to protover.h. Only needed for the 032 backport | Nick Mathewson | |
| 2018-05-22 | vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. | Isis Lovecruft | |
| 2018-05-22 | protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing. | Isis Lovecruft | |
| In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of `proto_entry_t`s to their protocol name concatenated with each version number. For example, given a `proto_entry_t` like so: proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t)); proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa"); proto->ranges = smartlist_new(); range->low = 1; range->high = 65536; smartlist_add(proto->ranges, range); (Where `[19KB]` is roughly 19KB of `"a"` bytes.) This would expand in `expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the string, e.g.: "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1" "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2" […] "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535" Thus constituting a potential resource exhaustion attack. The Rust implementation is not subject to this attack, because it instead expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031, and a `HashMap<UnvalidatedProtocol, ProtoSet>` after). Neither Rust version is subject to this attack, because it only stores the `String` once per protocol. (Although a related, but apparently of too minor impact to be usable, DoS bug has been fixed in #24031. [0]) [0]: https://bugs.torproject.org/24031 * ADDS hard limit on protocol name lengths in protover.c and checks in parse_single_entry() and expand_protocol_list(). * ADDS tests to ensure the bug is caught. * FIXES #25517: https://bugs.torproject.org/25517 | |||
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| summaryrefslogtreecommitdiff |