1. 05 Nov, 2009 1 commit
    • Nick Mathewson's avatar
      Make Tor work with OpenSSL 0.9.8l · ce0a89e2
      Nick Mathewson authored
      To fix a major security problem related to incorrect use of
      SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
      default.  We are not affected by this security problem, however,
      since we do renegotiation right.  (Specifically, we never treat a
      renegotiated credential as authenticating previous communication.)
      Nevertheless, OpenSSL's new behavior requires us to explicitly
      turn renegotiation back on in order to get our protocol working
      again.
      
      Amusingly, this is not so simple as "set the flag when you create
      the SSL object" , since calling connect or accept seems to clear
      the flags.
      
      For belt-and-suspenders purposes, we clear the flag once the Tor
      handshake is done.  There's no way to exploit a second handshake
      either, but we might as well not allow it.
      ce0a89e2
  2. 27 Oct, 2009 5 commits
  3. 15 Oct, 2009 3 commits
  4. 14 Oct, 2009 2 commits
  5. 21 Sep, 2009 1 commit
  6. 17 Sep, 2009 2 commits
  7. 16 Sep, 2009 1 commit
  8. 15 Sep, 2009 2 commits
  9. 14 Sep, 2009 1 commit
    • Sebastian Hahn's avatar
      Fix a memory leak when parsing a ns · b792afa9
      Sebastian Hahn authored
      Adding the same vote to a networkstatus consensus leads to a memory leak
      on the client side. Fix that by only using the first vote from any given
      voter, and ignoring the others.
      
      Problem found by Rotor, who also helped writing the patch. Thanks!
      b792afa9
  10. 03 Sep, 2009 1 commit
    • Roger Dingledine's avatar
      Fix obscure 64-bit big-endian hidserv bug · fcacf224
      Roger Dingledine authored
      Fix an obscure bug where hidden services on 64-bit big-endian
      systems might mis-read the timestamp in v3 introduce cells, and
      refuse to connect back to the client. Discovered by "rotor".
      Bugfix on 0.2.1.6-alpha.
      fcacf224
  11. 02 Sep, 2009 1 commit
  12. 01 Sep, 2009 4 commits
  13. 31 Aug, 2009 4 commits
  14. 29 Aug, 2009 1 commit
  15. 28 Aug, 2009 2 commits
  16. 26 Aug, 2009 1 commit
  17. 25 Aug, 2009 2 commits
  18. 20 Aug, 2009 1 commit
    • Nick Mathewson's avatar
      Fix a rare infinite-recursion bug when shutting down. · 9d118277
      Nick Mathewson authored
      Once we had called log_free_all(), anything that tried to log a
      message (like a failed tor_assert()) would fail like this:
      
         1. The logging call eventually invokes the _log() function.
         2. _log() calls tor_mutex_lock(log_mutex).
         3. tor_mutex_lock(m) calls tor_assert(m).
         4. Since we freed the log_mutex, tor_assert() fails, and tries to
            log its failure.
         5. GOTO 1.
      
      Now we allocate the mutex statically, and never destroy it on
      shutdown.
      
      Bugfix on 0.2.0.16-alpha, which introduced the log mutex.
      
      This bug was found by Matt Edman.
      9d118277
  19. 14 Aug, 2009 1 commit
  20. 11 Aug, 2009 1 commit
  21. 10 Aug, 2009 3 commits