| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Fixes bug 2572.
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
|
| |\| |
|
| | |
| |
| |
| | |
Fixes #2408.
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
fixes bug 2470
|
| |\ \ |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Suggested by rransom. Probably necessary for testing network mode.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).
This can also help detect forwarding loop requests.
Found as part of bug2279.
|
| | | |
| | |
| | |
| | | |
Fixes part of bug 2279. Bugfix on 0.1.2.1-alpha.
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | | |
Do not add Exit bandwidth to E if BadExit is set.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Fix for #2358
|
| |\ \ \ \ |
|
| | | |/ /
| |/| | |
|
| |\ \ \ \ |
|
| | |/ / / |
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.
Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When calling circuit_build_times_shuffle_and_store_array, we were
passing a uint32_t as an int. arma is pretty sure that this can't
actually cause a bug, because of checks elsewhere in the code, but
it's best not to pass a uint32_t as an int anyway.
Found by doorss; fix on 0.2.2.4-alpha.
|
| | |/ /
|/| |
| | |
| | |
| | |
| | | |
Left circuit_build_times_get_bw_scale() uncommented because it is in the wrong
place due to an improper bug2317 fix. It needs to be moved and renamed, as it
is not a cbt parameter.
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To quote arma: "So instead of stopping your CBT from screaming, you're just
going to throw it in the closet and hope you can't hear it?"
Yep. The log message can happen because at 95% point on the curve, we can be
way beyond the max timeout we've seen, if the curve has few points and is
shallow.
Also applied Nick's rule of thumb for rewriting some other notice log messages
to read like how you would explain them to a raving lunatic on #tor who was
shouting at you demanding what they meant. Hopefully the changes live up to
that standard.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.
Fixes bug 2433.
|
| | |
| |
| |
| |
| |
| | |
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
|
| |\| |
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
Found by piebeer.
|
| |\| | |
|
| | |/ |
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Based on discussion in bug 2317, these values seem to be sane.
|
| | | |
| | |
| | |
| | |
| | | |
This addresses Nick's concern about doing non-constant bounds checking
inside networkstatus_get_param().
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.
One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.
This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
|
| | | |
| | |
| | |
| | |
| | | |
This prepares for making the accessor method for consensus parameters
safer in the next commit.
|
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | |
| |
| |
| | |
we need to do more hunting, but this fixes the ones mentioned in 2385.
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
src/or/routerparse.c
src/or/test.c
|
| | |\ |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document. Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX. As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit. I'm also fixing the INT_MAX checks, just to be sure.
|
| | | |
| | |
| | |
| | |
| | | |
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
|
| |\| | |
|
| | | |
| | |
| | |
| | | |
This is checked elsewhere too, but let's be RFC-conformant.
|