1. 06 Jul, 2020 1 commit
    • Alexander Færøy's avatar
      Fix out-of-bound memory read in `tor_tls_cert_matches_key()` for NSS. · b46984e9
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch fixes an out-of-bound memory read in
      `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
      instead of OpenSSL.
      The NSS library stores some length fields in bits instead of bytes, but
      the comparison function found in `SECITEM_ItemsAreEqual()` needs the
      length to be encoded in bytes. This means that for a 140-byte,
      DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
      in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
      bytes instead of 140 (140bytes * 8bits = 1120bits).
      This patch fixes the issue by converting from bits to bytes before
      calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
      bits before we leave the function.
      This patch is part of the fix for TROVE-2020-001.
      See: https://bugs.torproject.org/33119
  2. 06 Apr, 2019 2 commits
  3. 16 Jan, 2019 1 commit
  4. 20 Sep, 2018 3 commits
  5. 14 Sep, 2018 1 commit
  6. 12 Sep, 2018 1 commit
    • Nick Mathewson's avatar
      Add a tor_tls_release_socket() function. · ae569299
      Nick Mathewson authored
      This function tells the underlying TLS object that it shouldn't
      close the fd on exit.  Mostly, we hope not to have to use it, since
      the NSS implementation is kludgey, but it should allow us to fix
  7. 05 Sep, 2018 1 commit
  8. 04 Sep, 2018 7 commits
  9. 22 Aug, 2018 1 commit
  10. 21 Aug, 2018 3 commits