1. 30 Jul, 2020 1 commit
  2. 28 Jul, 2020 1 commit
  3. 23 Jul, 2020 2 commits
  4. 07 Jul, 2020 2 commits
  5. 06 Jul, 2020 1 commit
    • Fix out-of-bound memory read in `tor_tls_cert_matches_key()` for NSS. · b46984e9
      Alexander Færøy authored and Nick Mathewson committed
      This patch fixes an out-of-bound memory read in
      `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
      instead of OpenSSL.
      
      The NSS library stores some length fields in bits instead of bytes, but
      the comparison function found in `SECITEM_ItemsAreEqual()` needs the
      length to be encoded in bytes. This means that for a 140-byte,
      DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
      in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
      bytes instead of 140 (140 bytes * 8 bits = 1120 bits).
      
      This patch fixes the issue by converting from bits to bytes before
      calling `SECITEM_ItemsAreEqual()` and converting the `len` fields back to
      bits before we leave the function.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
  6. 30 Jun, 2020 1 commit
  7. 30 May, 2020 1 commit
    • Preemptive circs should work with UseEntryGuards 0 · 39f2411b
      Roger Dingledine authored
      Resume being willing to use preemptively-built circuits when
      UseEntryGuards is set to 0. We accidentally disabled this feature with
      that config setting (in our fix for #24469), leading to slower load times.
      
      Fixes bug 34303; bugfix on 0.3.3.2-alpha.
  8. 06 May, 2020 1 commit
  9. 20 Mar, 2020 1 commit
    • Appveyor: Copy required DLLs to test and app · 38e07b88
      teor authored
      Copy required DLLs to test and app, before running tor's tests.
      
      This ensures that tor.exe and test*.exe use the correct version of each
      DLL. This fix is not required, but we hope it will avoid DLL search
      issues in future.
      
      Closes bug 33673; bugfix on 0.3.4.2-alpha.
  10. 19 Mar, 2020 2 commits
  11. 17 Mar, 2020 1 commit
    • Fix TROVE-2020-003. · 089e57d2
      George Kadianakis authored and Nick Mathewson committed
      Given that ed25519 public key validity checks are usually not needed
      and (so far) they are only necessary for onion addresses in the Tor
      protocol, we decided to fix this specific bug instance without
      modifying the rest of the codebase (see below for other fix
      approaches).
      
      In our minimal fix we check that the pubkey in
      hs_service_add_ephemeral() is valid and error out otherwise.
  12. 16 Mar, 2020 1 commit
  13. 12 Mar, 2020 1 commit
  14. 11 Mar, 2020 1 commit
  15. 10 Mar, 2020 1 commit
    • dos: Pass transport name on new client connection · 894ff2dc
      David Goulet authored
      
      For a bridge configured with a pluggable transport, the transport name is
      used, with the IP address, for the GeoIP client cache entry.
      
      However, the DoS subsystem was not aware of it and was always passing NULL when
      doing a lookup into the GeoIP cache.
      
      This resulted in bridges with a PT never being able to apply DoS defenses for
      newly created connections.
      
      Fixes #33491
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  16. 13 Feb, 2020 3 commits
  17. 12 Feb, 2020 2 commits
  18. 10 Feb, 2020 1 commit
  19. 05 Feb, 2020 1 commit
  20. 29 Jan, 2020 1 commit
  21. 28 Jan, 2020 1 commit
    • Travis: Stop allowing stem test failures · 9d771ccc
      teor authored
      Stop allowing failures on the Travis CI stem tests job. It looks like
      all the stem hangs we were seeing are now fixed, but let's make sure we
      see them if they happen again.
      
      Closes ticket 33075.
  22. 06 Jan, 2020 1 commit
  23. 17 Dec, 2019 1 commit
  24. 15 Dec, 2019 1 commit
  25. 06 Dec, 2019 3 commits
  26. 03 Dec, 2019 1 commit
    • Travis: use -std=gnu99 in some jobs · 792c15fd
      teor authored
      Require C99 standards-conforming code in Travis CI, but allow GNU gcc
      extensions. Also activates clang's -Wtypedef-redefinition warnings.
      
      Builds some jobs with -std=gnu99, and some jobs without.
      
      Closes ticket 32500.
  27. 28 Nov, 2019 1 commit
  28. 11 Nov, 2019 1 commit
    • Appveyor: Install OpenSSL to resolve a header/library mismatch · 2abff832
      teor authored
      Install the mingw OpenSSL package in Appveyor. This makes sure that
      the OpenSSL headers and libraries match in Tor's Appveyor builds.
      
      (This bug was triggered by an Appveyor image update.)
      
      Fixes bug 32449; bugfix on 0.3.5.6-rc.
  29. 09 Nov, 2019 1 commit
  30. 06 Nov, 2019 1 commit
  31. 24 Oct, 2019 2 commits
    • teor's avatar
      93be7275
    • hs-v3: Remove a BUG() caused by an acceptable race · ed57a04a
      David Goulet authored
      
      hs_client_purge_state() and hs_cache_clean_as_client() can remove a descriptor
      from the client cache with a NEWNYM or simply when the descriptor expires.
      
      Which means that for an INTRO circuit being established during that time, once
      it opens, we look up the descriptor to get the IP object but hey, surprise, no
      more descriptor.
      
      The approach here is minimalist, that is, accept the race and close the circuit
      since we can not continue. Before that, the circuit would stay open and the
      client would wait for the SockTimeout.
      
      Fixes #28970.
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>