| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | | | Remove misc unnecessary newlines found by new check. | Mike Perry | 2010-02-22 |
| * | | | Add %lld compat defines. | Mike Perry | 2010-02-22 |
| | |/
|/| |
|
| * | | Merge remote branch 'sebastian/bug1254' | Nick Mathewson | 2010-02-22 |
| |\ \ |
|
| | * | | Zero a cipher completely before freeing it•••We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
| Sebastian Hahn | 2010-02-22 |
| * | | | Make expand_filename into a tor_strdup() alias on windows.•••On Windows, we don't have a notion of ~ meaning "our homedir", so we
were deliberately using an #ifdef to avoid calling expand_filename()
in multiple places. This is silly: The right place to turn a function
into a no-op on a single platform is in the function itself, not in
every single call-site.
| Nick Mathewson | 2010-02-22 |
| |/ / |
|
| * | | fix typo and garbage grammar | Roger Dingledine | 2010-02-21 |
| * | | Merge remote branch 'sebastian/bug1143' | Nick Mathewson | 2010-02-19 |
| |\ \ |
|
| | * | | Make the DNSPort option work with libevent 2.x•••We need to use evdns_add_server_port_with_base() when configuring
our DNS listener, because libevent segfaults otherwise. Add a macro
in compat_libevent.h to pick the correct implementation depending
on the libevent version.
Fixes bug 1143, found by SwissTorExit
| Sebastian Hahn | 2010-02-19 |
| * | | | Merge remote branch 'origin/maint-0.2.1'•••Conflicts:
ChangeLog
configure.in
contrib/tor-mingw.nsi.in
src/win32/orconfig.h
| Nick Mathewson | 2010-02-18 |
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | * | Fix compile | Sebastian Hahn | 2010-02-18 |
| | * | Even more conservative option-setting for SSL renegotiation.•••This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every
version before OpenSSL 0.9.8l. I can confirm that the option value (0x0010)
wasn't reused until OpenSSL 1.0.0beta3.
| Nick Mathewson | 2010-02-17 |
| * | | Remove the --enable-iphone option as needless.•••On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
| Nick Mathewson | 2010-02-12 |
| * | | Add Windows version detection for Vista and 7•••Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.
Also fix a coding style violation.
| Sebastian Hahn | 2010-02-10 |
| * | | Make tor_addr_copy() conform to memcpy requirements•••The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.
Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
| Nick Mathewson | 2010-02-09 |
| * | | Merge remote branch 'origin/maint-0.2.1' | Nick Mathewson | 2010-01-31 |
| |\| |
|
| | * | Revise OpenSSL fix to work with OpenSSL 1.0.0beta*•••In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.
For the ugly version, see my long comment in tortls.c
| Nick Mathewson | 2010-01-31 |
| | * | Decide whether to use SSL flags based on runtime OpenSSL version.•••We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
May fix bug 1225.
[backported]
| Nick Mathewson | 2010-01-29 |
| * | | Detect the correct versions of openssl for tls negotiation fix•••Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
| Nick Mathewson | 2010-01-29 |
| * | | Decide whether to use SSL flags based on runtime OpenSSL version.•••We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch. On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.
May fix bug 1225.
| Nick Mathewson | 2010-01-29 |
| * | | Don't unlock a new log until done logging the tor version.•••This might please coverity scan.
| Nick Mathewson | 2010-01-25 |
| * | | Merge remote branch 'origin/maint-0.2.1' | Nick Mathewson | 2010-01-23 |
| |\| |
|
| | * | Avoid a possible crash in tls_log_errors.•••We were checking for msg==NULL, but not lib or proc. This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.
Spotted by rieo on IRC.
| Nick Mathewson | 2010-01-22 |
| * | | Fix build on Solaris by disabling support for DisableAllSwap•••Fixes bug 1198. Solaris doesn't have RLIMIT_MEMLOCK for get/setrlimit,
so disable support because we don't know if all memory can be locked.
| Sebastian Hahn | 2010-01-19 |
| * | | don't list windows capabilities in windows uname•••we never used them, and maybe it's a bad idea to publish them
| Roger Dingledine | 2010-01-15 |
| * | | Merge branch 'ewma' | Nick Mathewson | 2009-12-18 |
| |\ \ |
|
| | * | | Fix comment typos in container.c | Nick Mathewson | 2009-12-15 |
| | * | | Enhance pqueue so we can remove items from the middle.•••This changes the pqueue API by requiring an additional int in every
structure that we store in a pqueue to hold the index of that structure
within the heap.
| Nick Mathewson | 2009-12-12 |
| * | | | Remove duplicate words and a duplicate newline. | Karsten Loesing | 2009-12-18 |
| * | | | Refactor out the 'find string at start of any line' logic.•••We do this in too many places throughout the code; it's time to start
clamping down.
Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
| Nick Mathewson | 2009-12-17 |
| * | | | Merge commit 'origin/maint-0.2.1' | Nick Mathewson | 2009-12-15 |
| |\ \ \
| | |/
| |/| |
|
| | * | | Fix bug 1173: remove an assert(unsigned >= 0). | Nick Mathewson | 2009-12-15 |
| * | | | Refactor a bit so that it is safe to include math.h, and mostly not needed. | Nick Mathewson | 2009-12-15 |
| | |/
|/| |
|
| * | | Merge commit 'sebastian/fixes' | Nick Mathewson | 2009-12-12 |
| |\ \ |
|
| | * | | Fix typo in a comment | Sebastian Hahn | 2009-12-12 |
| * | | | Merge commit 'sebastian/coverity' | Nick Mathewson | 2009-12-12 |
| |\ \ \ |
|
| | * | | | crypto_cipher_set_key cannot fail•••In 5e4d53d535a3cc9903250b3df0caa829f1c5e4bf we made it so that
crypto_cipher_set_key cannot fail. The call will now
always succeed, to returning a boolean for success/failure makes
no sense.
| Sebastian Hahn | 2009-10-27 |
| * | | | | Now that FOO_free(NULL) always works, remove checks before calling it. | Nick Mathewson | 2009-12-12 |
| * | | | | *_free functions now accept NULL•••Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.
This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
| Sebastian Hahn | 2009-12-12 |
| | |/ /
|/| | |
|
| * | | | Merge commit 'origin/maint-0.2.1' | Nick Mathewson | 2009-12-04 |
| |\ \ \
| | |/
| |/| |
|
| | * | | Improved workaround for disabled OpenSSL renegotiation.•••It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p Fixes bug 1158.
(patch by coderman; commit message by nickm)
| Martin Peck | 2009-12-04 |
| * | | | add a minimum for CircuitStreamTimeout, plus a man page•••plus some other unrelated touchups that have been sitting in my
sandbox
| Roger Dingledine | 2009-11-22 |
| * | | | Use the same mlockall checks with tor_set_max_memlock | Nick Mathewson | 2009-11-20 |
| * | | | Fix compilation on OSX 10.3.•••On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'. This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.
This patch adds an additional test for the declaration.
| Nick Mathewson | 2009-11-20 |
| * | | | Fix compilation with with bionic libc.•••This fixes bug 1147:
bionic doesn't have an actual implementation of mlockall();
mlockall() is merely in the headers but not actually in the library.
This prevents Tor compilation with the bionic libc for Android handsets.
| Jacob Appelbaum | 2009-11-14 |
| * | | | Merge commit 'origin/maint-0.2.1'•••Conflicts:
src/common/tortls.c
| Nick Mathewson | 2009-11-06 |
| |\| | |
|
| | * | | Make Tor work with OpenSSL 0.9.8l•••To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
| Nick Mathewson | 2009-11-05 |
| | * | | Code to parse and access network parameters.•••Partial backport of 381766ce4b1145460.
Partial backport of 56c6d78520a98fb64.
| Nick Mathewson | 2009-10-14 |
| * | | | Implement DisableAllSwap to avoid putting secret info in page files.•••This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
| Jacob Appelbaum | 2009-10-27 |
| | |/
|/| |
|
| * | | Remove checks for array existence. (CID 410..415)•••In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement. Coverity notices this now.
In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed. Those cases are now always-true.
In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
| Nick Mathewson | 2009-10-26 |
| * | | Reduce log level for someone else sending us weak DH keys.•••See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
| Karsten Loesing | 2009-10-25 |