aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Update Tor Project copyright yearsNick Mathewson2010-02-27
|
* Properly handle non-terminated stringsSebastian Hahn2010-02-27
| | | | | | | | Treat strings returned from signed_descriptor_get_body_impl() as not NUL-terminated. Since the length of the strings is available, this is not a big problem. Discovered by rieo.
* Proper NULL checking in circuit_list_path_impl()Sebastian Hahn2010-02-26
| | | | | | | Another dereference-then-NULL-check sequence. No reports of this bug triggered in the wild. Fixes bugreport 1256. Thanks to ekir for discovering and reporting this bug.
* Proper NULL checking for hsdesc publicationSebastian Hahn2010-02-26
| | | | | | | | | Fix a dereference-then-NULL-check sequence. This bug wasn't triggered in the wild, but we should fix it anyways in case it ever happens. Also make sure users get a note about this being a bug when they see it in their log. Thanks to ekir for discovering and reporting this bug.
* Zero a cipher completely before freeing itSebastian Hahn2010-02-26
| | | | | | We used to only zero the first ptrsize bytes of the cipher. Since cipher is large enough, we didn't zero too many bytes. Discovered and fixed by ekir. Fixes bug 1254.
* bump to 0.2.1.24Roger Dingledine2010-02-21
|
* Bump version to 0.2.1.23-devNick Mathewson2010-02-18
|
* Fix compileSebastian Hahn2010-02-18
|
* Even more conservative option-setting for SSL renegotiation.Nick Mathewson2010-02-17
| | | | | | This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every version before OpenSSL 0.9.8l. I can confirm that the option value (0x0010) wasn't reused until OpenSSL 1.0.0beta3.
* new dannenberg address; make moria2's demise official.Roger Dingledine2010-02-12
|
* prepare for 0.2.1.23Roger Dingledine2010-02-12
|
* Don't use gethostbyname() in resolve_my_address()Sebastian Hahn2010-02-08
| | | | | | | Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically. Bug 1244 occured because gethostbyname() returned an ipv6 address, which Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
* lookup_last_hid_serv_request() could overflow and leak memorySebastian Hahn2010-02-07
| | | | | | The problem was that we didn't allocate enough memory on 32-bit platforms with 64-bit time_t. The memory leak occured every time we fetched a hidden service descriptor we've fetched before.
* Revise OpenSSL fix to work with OpenSSL 1.0.0beta*Nick Mathewson2010-01-31
| | | | | | | | | In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l, and you mustn't use the SSL_OP solution with anything before 0.9.8m, and you get in _real_ trouble if you try to set the flag in 1.0.0beta, since they use it for something different. For the ugly version, see my long comment in tortls.c
* Decide whether to use SSL flags based on runtime OpenSSL version.Nick Mathewson2010-01-29
| | | | | | | | | | | We need to do this because Apple doesn't update its dev-tools headers when it updates its libraries in a security patch. On the bright side, this might get us out of shipping a statically linked OpenSSL on OSX. May fix bug 1225. [backported]
* Add --enable-static-(openssl|libevent) optionsNick Mathewson2010-01-24
| | | | | These options only work when using --with-(openssl|libevent)-dir to explicitly pick a libevent or openssl location.
* Fix two rare leaks spotted by rieo.Nick Mathewson2010-01-23
|
* Avoid a possible crash in tls_log_errors.Nick Mathewson2010-01-22
| | | | | | | | We were checking for msg==NULL, but not lib or proc. This case can only occur if we have an error whose string we somehow haven't loaded, but it's worth coding defensively here. Spotted by rieo on IRC.
* spread guard rotation out throughout the monthRoger Dingledine2010-01-19
|
* weight guard choice by bandwidth; discard old guardsRoger Dingledine2010-01-19
|
* bump to 0.2.1.22, and give it a changelogRoger Dingledine2010-01-19
|
* downgrade a warningRoger Dingledine2010-01-19
| | | | | | | this case can now legitimately happen, if you have a cached v2 status from moria1, and you run with the new list of dirservers that's missing the old moria1. it's nothing to worry about; the file will die off in a month or two.
* rotate keys for moria1 and gabelmooRoger Dingledine2010-01-19
|
* stop bridge authorities from leaking their bridge listRoger Dingledine2010-01-17
|
* bump to 0.2.1.21 so we can releaseRoger Dingledine2009-12-21
|
* Fix bug 1173: remove an assert(unsigned >= 0).Nick Mathewson2009-12-15
|
* Improved workaround for disabled OpenSSL renegotiation.Martin Peck2009-12-04
| | | | | | | | It turns out that OpenSSL 0.9.8m is likely to take a completely different approach for reenabling renegotiation than OpenSSL 0.9.8l did, so we need to work with both. :p Fixes bug 1158. (patch by coderman; commit message by nickm)
* fix race condition that can cause crashes at client or exit relayRoger Dingledine2009-11-23
| | | | | | Avoid crashing if the client is trying to upload many bytes and the circuit gets torn down at the same time, or if the flip side happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
* Make Tor work with OpenSSL 0.9.8lNick Mathewson2009-11-05
| | | | | | | | | | | | | | | | | | | To fix a major security problem related to incorrect use of SSL/TLS renegotiation, OpenSSL has turned off renegotiation by default. We are not affected by this security problem, however, since we do renegotiation right. (Specifically, we never treat a renegotiated credential as authenticating previous communication.) Nevertheless, OpenSSL's new behavior requires us to explicitly turn renegotiation back on in order to get our protocol working again. Amusingly, this is not so simple as "set the flag when you create the SSL object" , since calling connect or accept seems to clear the flags. For belt-and-suspenders purposes, we clear the flag once the Tor handshake is done. There's no way to exploit a second handshake either, but we might as well not allow it.
* Fix an apparently bogus check; fortunately, it seems to be untriggered.Nick Mathewson2009-10-26
|
* Fix two memory leaks found by Coverity (CIDs 417-418)Nick Mathewson2009-10-26
| | | | | | The first happens on an error case when a controller wants an impossible directory object. The second happens when we can't write our fingerprint file.
* Add missing break statements for Coverity CIDs #406,407.Nick Mathewson2009-10-26
| | | | | | The code for these was super-wrong, but will only break things when we reset an option on a platform where sizeof(time_t) is different from sizeof(int).
* Only send the if_modified_since header for a v3 consensus.Nick Mathewson2009-10-26
| | | | | Spotted by xmux; bugfix on 0.2.0.10-alpha. (Bug introduced by 20b10859)
* bump to 0.2.1.20Roger Dingledine2009-10-15
|
* Move moria1 and Tonga to alternate IP addresses.Roger Dingledine2009-10-15
|
* read the "circwindow" parameter from the consensusRoger Dingledine2009-10-14
| | | | | backport of c43859c5c12361fad505 backport of 0d13e0ed145f4c1b5bd1
* Code to parse and access network parameters.Nick Mathewson2009-10-14
| | | | | Partial backport of 381766ce4b1145460. Partial backport of 56c6d78520a98fb64.
* Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"Roger Dingledine2009-09-20
| | | | | | | This reverts commit dc3229313b6d2aaff437c6fc7fa55ead4409e93d. We're going to do this more thoroughly in 0.2.2.x, and not in maint-0.2.1.
* Work around a memory leak in openssl 0.9.8g (and maybe others)Nick Mathewson2009-09-17
|
* Merge commit 'karsten/fix-1073' into maint-0.2.1Nick Mathewson2009-09-16
|\
| * Reduce log level for bug case that we now know really exists.Karsten Loesing2009-09-01
| |
| * Avoid segfault when accessing hidden service.Karsten Loesing2009-08-29
| |
* | Teach connection_ap_can_use_exit about Exclude*NodesSebastian Hahn2009-09-16
| | | | | | | | | | | | To further attempt to fix bug 1090, make sure connection_ap_can_use_exit always returns 0 when the chosen exit router is excluded. This should fix bug1090.
* | Merge commit 'sebastian/memleak' into maint-0.2.1Nick Mathewson2009-09-15
|\ \
| * | Fix a memory leak when parsing a nsSebastian Hahn2009-09-14
| | | | | | | | | | | | | | | | | | | | | | | | Adding the same vote to a networkstatus consensus leads to a memory leak on the client side. Fix that by only using the first vote from any given voter, and ignoring the others. Problem found by Rotor, who also helped writing the patch. Thanks!
* | | make some bug 1090 warnings go awaySebastian Hahn2009-09-16
|/ / | | | | | | | | | | | | | | | | When we excluded some Exits, we were sometimes warning the user that we were going to use the node regardless. Many of those warnings were in fact bogus, because the relay in question was not used to connect to the outside world. Based on patch by Rotor, thanks!
* | Fix obscure 64-bit big-endian hidserv bugRoger Dingledine2009-09-02
| | | | | | | | | | | | | | Fix an obscure bug where hidden services on 64-bit big-endian systems might mis-read the timestamp in v3 introduce cells, and refuse to connect back to the client. Discovered by "rotor". Bugfix on 0.2.1.6-alpha.
* | Use an _actual_ fix for the byte-reverse warning.Nick Mathewson2009-09-01
| | | | | | | | | | | | (Given that we're pretty much assuming that int is 32 bits, and given that hex values are always unsigned, taking out the "ul" from 0xff000000 should be fine.)
* | Use a simpler fix for the byte-reversing warningNick Mathewson2009-09-01
| |
* | Fix compile warnings on Snow LeopardSebastian Hahn2009-09-01
| | | | | | | | Big thanks to nickm and arma for helping me with this!
generated by cgit v1.2.3 (git 2.25.4) at 2024-10-01 11:50:29 +0000