diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-03-13 10:07:10 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-03-13 10:07:10 -0400 |
| commit | 119896cd43f420a053c552afe390f6d66224b3b7 (patch) | |
| tree | f1a5b043e16a9abda94c1bec9811f4c384e7ef85 /ChangeLog | |
| parent | a522e9492b8c9bad4f33e8cf65d0dc141deda84a (diff) | |
| download | tor-119896cd43f420a053c552afe390f6d66224b3b7.tar tor-119896cd43f420a053c552afe390f6d66224b3b7.tar.gz | |
Fix some leaks/missed checks in the unit tests
Coverity spotted these.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 22 |
1 files changed, 11 insertions, 11 deletions
@@ -1,9 +1,19 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? - o Major features: + o Major features (security, DoS-resistance): - Also consider stream buffer sizes when calculating OOM conditions. Rename MaxMemInCellQueues to MaxMemInQueues. Fixes bug 10169. + - Avoid hash-flooding denial-of-service attacks by using the secure + SipHash-2-4 hash function for our hashtables. Without this + feature, an attacker could degrade performance of a targeted + client or server by flooding their data structures with a large + number of data entries all calculated to be stored at the same + hash table position, thereby degrading hash table + performance. With this feature, hash table positions are derived + from a randomized cryptographic key using SipHash-2-4, and an + attacker cannot predict which entries will collide. + Closes ticket 4900. o Minor features: - Bridges write the SHA1 digest of their identity key fingerprint to @@ -23,16 +33,6 @@ Changes in version 0.2.5.3-alpha - 2014-03-?? database. - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to appease raspberry pi users. Fixes bug 9686. - - Avoid hash-flooding denial-of-service attacks by using the secure - SipHash-2-4 hash function for our hashtables. Without this - feature, an attacker could degrade performance of a targeted - client or server by flooding their data structures with a large - number of data entries all calculated to be stored at the same - hash table position, thereby degrading hash table - performance. With this feature, hash table positions are derived - from a randomized cryptographic key using SipHash-2-4, and an - attacker cannot predict which entries will collide. - Closes ticket 4900. - Made PREDICTED_CIRCS_RELEVANCE_TIME configurable from config file with a new option, PredictedPortsRelevanceTime. Implements ticket #9176. Patch by unixninja92. |