1. 29 Aug, 2014 1 commit
  2. 28 Aug, 2014 1 commit
    • Roger Dingledine's avatar
      Resume expanding abbreviations for command-line options · 37a76d75
      Roger Dingledine authored and Nick Mathewson's avatar Nick Mathewson committed
      The fix for bug 4647 accidentally removed our hack from bug 586 that
      rewrote HashedControlPassword to __HashedControlSessionPassword when
      it appears on the commandline (which allowed the user to set her own
      HashedControlPassword in the torrc file while the controller generates
      a fresh session password for each run).
      
      Fixes bug 12948; bugfix on 0.2.5.1-alpha.
      37a76d75
  3. 18 Aug, 2014 1 commit
  4. 15 Aug, 2014 5 commits
  5. 14 Aug, 2014 1 commit
  6. 13 Aug, 2014 6 commits
  7. 12 Aug, 2014 3 commits
  8. 09 Aug, 2014 2 commits
  9. 06 Aug, 2014 2 commits
  10. 30 Jul, 2014 4 commits
  11. 28 Jul, 2014 5 commits
  12. 27 Jul, 2014 2 commits
  13. 25 Jul, 2014 4 commits
  14. 24 Jul, 2014 3 commits
    • Roger Dingledine's avatar
      472696e8
    • Roger Dingledine's avatar
      1ed77ff7
    • Nick Mathewson's avatar
      Avoid illegal read off end of an array in prune_v2_cipher_list · 1b551823
      Nick Mathewson authored and Roger Dingledine's avatar Roger Dingledine committed
      This function is supposed to construct a list of all the ciphers in
      the "v2 link protocol cipher list" that are supported by Tor's
      openssl.  It does this by invoking ssl23_get_cipher_by_char on each
      two-byte ciphersuite ID to see which ones give a match.  But when
      ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
      ciphersuite ID, it checks to see whether it has a match for a
      three-byte SSL2 ciphersuite ID.  This was causing a read off the end
      of the 'cipherid' array.
      
      This was probably harmless in practice, but we shouldn't be having
      any uninitialized reads.
      
      (Using ssl23_get_cipher_by_char in this way is a kludge, but then
      again the entire existence of the v2 link protocol is kind of a
      kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
      entirely.)
      
      Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
      1b551823