| Commit message (Expand) | Author | Age |
|---|
| * | Fix double-free bug in microdesc parser | cypherpunks | 2011-04-27 |
| * | Standardize our printf code on %d, not %i. | Nick Mathewson | 2011-04-19 |
| * | Correct HS descriptor length check•••Fixes bug 2948.
| Nick Mathewson | 2011-04-18 |
| * | Merge branch 'bug2750-v3' into bug2948 | Robert Ransom | 2011-04-18 |
| |\ |
|
| | * | Add an XXX | Robert Ransom | 2011-04-18 |
| | * | Correct the warning emitted when rejecting an oversized HS desc | Robert Ransom | 2011-04-18 |
| * | | Triage the XXX022 and XXX021 comments remaining in the code•••Remove some, postpone others, leave some alone. Now the only
remaining XXX022s are ones that seem important to fix or investigate.
| Nick Mathewson | 2011-03-25 |
| * | | Fix a log message typo | Robert Ransom | 2011-03-15 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2011-03-06 |
| |\| |
|
| | * | Oops, here's the *REAL* fix for the ipv6 issue•••We need to _REJECT_ descriptors with accept6/reject6 lines. If we
let them onto the network , other un-upgraded tors will crash.
| Nick Mathewson | 2011-03-06 |
| | * | Revert "Disallow reject6 and accept6 lines in descriptors"•••This reverts commit b3918b3bbbfa9097246d63746c8b540eff2ec8e8.
| Nick Mathewson | 2011-03-06 |
| * | | Merge branch 'maint-0.2.1' into maint-0.2.2 | Sebastian Hahn | 2011-03-06 |
| |\| |
|
| | * | Disallow reject6 and accept6 lines in descriptors•••This fixes a remotely triggerable assert on directory authorities, who
don't handle descriptors with ipv6 contents well yet. We will want to
revert this once we're ready to handle ipv6.
Issue raised by lorth on #tor, who wasn't able to use Tor anymore.
Analyzed with help from Christian Fromme. Fix suggested by arma. Bugfix
on 0.2.1.3-alpha.
| Sebastian Hahn | 2011-03-06 |
| * | | Fix bug in verifying directory signatures with short digests•••If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.
Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
| Nick Mathewson | 2011-01-25 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2011-01-19 |
| |\| |
|
| | * | Oops; actually add the code to the last patch. :/ | Nick Mathewson | 2011-01-19 |
| * | | Sanity-check consensus param values•••We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.
One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.
This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
| Sebastian Hahn | 2011-01-15 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-01-15 |
| |\| |
|
| | * | Merge branch 'bug2352_obsize' into maint-0.2.1 | Nick Mathewson | 2011-01-15 |
| | |\ |
|
| | | * | catch another overlong malloc possibility. found by cypherpunks | Nick Mathewson | 2011-01-15 |
| | | * | Impose maximum sizes on parsed objects•••An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document. Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX. As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit. I'm also fixing the INT_MAX checks, just to be sure.
| Nick Mathewson | 2011-01-10 |
| | | * | Add logic in routerparse to not read overlong private keys•••I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
| Nick Mathewson | 2011-01-10 |
| * | | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/or/config.c
src/or/networkstatus.c
src/or/rendcommon.c
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-01-15 |
| |\| | |
|
| | * | | Fix a heap overflow found by debuger, and make it harder to make that mistake...•••Our public key functions assumed that they were always writing into a
large enough buffer. In one case, they weren't.
(Incorporates fixes from sebastian)
| Nick Mathewson | 2011-01-15 |
| | |/ |
|
| | * | fix whitespace issues | Nick Mathewson | 2011-01-03 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| |\| |
|
| | * | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2010-11-10 |
| |\| |
|
| | * | Enforce multiplicity rules when parsing annotations.•••We would never actually enforce multiplicity rules when parsing
annotations, since the counts array never got entries added to it for
annotations in the token list that got added by earlier calls to
tokenize_string.
Found by piebeer.
| Nick Mathewson | 2010-11-10 |
| | * | Fix a bug where seting allow_annotations==0 only ignores annotations, but doe... | Nick Mathewson | 2010-11-10 |
| * | | Create routerparse.h | Sebastian Hahn | 2010-07-27 |
| * | | Create rephist.h | Sebastian Hahn | 2010-07-27 |
| * | | Create policies.h | Sebastian Hahn | 2010-07-27 |
| * | | Create networkstatus.h | Sebastian Hahn | 2010-07-27 |
| * | | Create microdesc.h | Sebastian Hahn | 2010-07-27 |
| * | | Create dirvote.h | Sebastian Hahn | 2010-07-27 |
| * | | Create dirserv.h | Sebastian Hahn | 2010-07-27 |
| * | | Create config.h | Sebastian Hahn | 2010-07-27 |
| * | | Create rendcommon.h | Sebastian Hahn | 2010-07-27 |
| * | | Create routerlist.h | Sebastian Hahn | 2010-07-27 |
| * | | Create router.h | Sebastian Hahn | 2010-07-27 |
| * | | Merge branch 'fix_routerparse_bug' | Nick Mathewson | 2010-02-28 |
| |\ \ |
|
| | * | | Fix a consensus-extension bug found by outofwords•••When the bandwidth-weights branch added the "directory-footer"
token, and began parsing the directory footer at the first
occurrence of "directory-footer", it made it possible to fool the
parsing algorithm into accepting unsigned data at the end of a
consensus or vote. This patch fixes that bug by treating the footer
as starting with the first "directory-footer" or the first
"directory-signature", whichever comes first.
| Nick Mathewson | 2010-02-27 |
| * | | | Merge remote branch 'origin/maint-0.2.1'•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2010-02-27 |
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | * | Update Tor Project copyright years | Nick Mathewson | 2010-02-27 |
| * | | fix some wide lines in routerparse.c | Nick Mathewson | 2010-02-27 |
| * | | Merge remote branch 'origin/maint-0.2.1'•••Conflicts:
ChangeLog
src/or/routerparse.c
| Nick Mathewson | 2010-02-27 |
| |\| |
|
| | * | Properly handle non-terminated strings•••Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.
Discovered by rieo.
| Sebastian Hahn | 2010-02-27 |
| | * | Code to parse and access network parameters.•••Partial backport of 381766ce4b1145460.
Partial backport of 56c6d78520a98fb64.
| Nick Mathewson | 2009-10-14 |
| * | | Don't segfault when checking the consensus | Sebastian Hahn | 2010-02-26 |