1. 09 Aug, 2019 6 commits
  2. 08 Aug, 2019 7 commits
  3. 06 Aug, 2019 1 commit
    • Nick Mathewson's avatar
      Avoid using labs() on time_t in channeltls.c · 0849d2a2
      Nick Mathewson authored
      On some windows builds, time_t is 64 bits but long is not.  This is
      causing appveyor builds to fail.
      Also, one of our uses of labs() on time_t was logically incorrect:
      it was telling us to accept NETINFO cells up to three minutes
      _before_ the message they were responding to, which doesn't make
      This patch adds a time_abs() function that we should eventually move
      to intmath.h or something.  For now, though, it will make merges
      easier to have it file-local in channeltls.c.
      Fixes bug 31343; bugfix on
  4. 01 Jul, 2019 3 commits
  5. 28 Jun, 2019 3 commits
    • teor's avatar
      changes: file for 28795 · fb977f8c
      teor authored
      Replace the 157 fallbacks originally introduced in Tor
      in December 2018 (of which ~122 were still functional), with a
      list of 148 fallbacks (70 new, 78 existing, 79 removed) generated
      in June 2019.
      Closes ticket 28795.
      Note that we created extra lists from DE and US, but they didn't add
      any more fallbacks when we tried to merge them.
    • teor's avatar
      fallback: apply the second fallback list from 2019 · f3b2a81c
      teor authored
      Update the fallback directory mirrors by merging the current list with:
      Part of 28795, see that ticket for logs.
    • teor's avatar
      fallback: apply the first fallback list from 2019 · 37c2808a
      teor authored
      Update the fallback directory mirrors by replacing the old list with:
      Part of 28795, see that ticket for logs.
  6. 12 Jun, 2019 2 commits
  7. 11 Jun, 2019 1 commit
  8. 29 May, 2019 2 commits
    • Nick Mathewson's avatar
    • Tobias Stoeckmann's avatar
      Fixed tor_vasprintf on systems without vasprintf. · 0d5a0b4f
      Tobias Stoeckmann authored and Nick Mathewson's avatar Nick Mathewson committed
      If tor is compiled on a system with neither vasprintf nor _vscprintf,
      the fallback implementation exposes a logic flaw which prevents
      proper usage of strings longer than 127 characters:
      * tor_vsnprintf returns -1 if supplied buffer is not large enough,
        but tor_vasprintf uses this function to retrieve required length
      * the result of tor_vsnprintf is not properly checked for negative
        return values
      Both aspects together could in theory lead to exposure of uninitialized
      stack memory in the resulting string. This requires an invalid format
      string or data that exceeds integer limitations.
      Fortunately tor is not even able to run with this implementation because
      it runs into asserts early on during startup. Also the unit tests fail
      during a "make check" run.
      Signed-off-by: default avatarTobias Stoeckmann <tobias@stoeckmann.org>
        [backported to 0.2.9 by nickm]
  9. 17 May, 2019 1 commit
  10. 30 Apr, 2019 2 commits
  11. 19 Apr, 2019 2 commits
  12. 17 Apr, 2019 1 commit
    • teor's avatar
      test/relay: add a missing typedef · 031ed59d
      teor authored
      In 0.3.4 and later, these functions are declared in rephist.h:
      STATIC uint64_t find_largest_max(bw_array_t *b);
      STATIC void commit_max(bw_array_t *b);
      STATIC void advance_obs(bw_array_t *b);
      But in 0.2.9, they are declared in rephist.c and test_relay.c.
      So compilers fail with a "must use 'struct' tag" error.
      We add the missing struct typedef in test_relay.c, to match the
      declarations in rephist.c.
      (Merge commit 813019cc moves these functions into rephist.h instead.)
      Fixes bug 30184; not in any released version of Tor.
  13. 16 Apr, 2019 2 commits
    • teor's avatar
      rephist: fix an undeclared type compilation error · 05d25d06
      teor authored
      In 0.3.4 and later, we declare write_array as:
      extern struct bw_array_t *write_array;
      typedef struct bw_array_t bw_array_t;
      But in 0.2.9, we declare write_array as:
      typedef struct bw_array_t bw_array_t;
      extern bw_array_t *write_array;
      And then again in rephist.c:
      typedef struct bw_array_t bw_array_t;
      So some compilers fail with a duplicate declaration error.
      We backport 684b396c, which removes the duplicate declaration.
      And this commit deals with the undeclared type error.
      Backports a single line from merge commit 813019cc.
      Fixes bug 30184; not in any released version of Tor.
    • Nick Mathewson's avatar
      Remove another needless typedef · 684b396c
      Nick Mathewson authored and teor's avatar teor committed
  14. 09 Apr, 2019 3 commits
    • Nick Mathewson's avatar
      Changes file for bug30041 · c1001153
      Nick Mathewson authored
    • Tobias Stoeckmann's avatar
      Check return value of buf_move_to_buf for error. · 0fa95308
      Tobias Stoeckmann authored and Nick Mathewson's avatar Nick Mathewson committed
      If the concatenation of connection buffer and the buffer of linked
      connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
      error value.
      This value is currently casted to size_t (variable n_read) and will
      erroneously lead to an increasement of variable "max_to_read".
      This in turn can be used to call connection_buf_read_from_socket to
      store more data inside the buffer than expected and clogging the
      connection buffer.
      If the linked connection buffer was able to overflow INT_MAX, the call
      of buf_move_to_buf would have previously internally triggered an integer
      overflow, corrupting the state of the connection buffer.
      Signed-off-by: default avatarTobias Stoeckmann <tobias@stoeckmann.org>
    • Tobias Stoeckmann's avatar
      Protect buffers against INT_MAX datalen overflows. · 74b2bc43
      Tobias Stoeckmann authored and Nick Mathewson's avatar Nick Mathewson committed
      Many buffer functions have a hard limit of INT_MAX for datalen, but
      this limitation is not enforced in all functions:
      - buf_move_all may exceed that limit with too many chunks
      - buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
      - buf_new_with_data may exceed that limit (unit tests only)
      This patch adds some annotations in some buf_pos_t functions to
      guarantee that no out of boundary access could occur even if another
      function lacks safe guards against datalen overflows.
        [This is a backport of the submitted patch to 0.2.9, where the
        buf_move_to_buf and buf_new_with_data functions did not exist.]
  15. 05 Apr, 2019 3 commits
  16. 04 Apr, 2019 1 commit
    • Nick Mathewson's avatar
      Do not cache bogus results from classifying client ciphers · 1710f4bb
      Nick Mathewson authored
      When classifying a client's selection of TLS ciphers, if the client
      ciphers are not yet available, do not cache the result. Previously,
      we had cached the unavailability of the cipher list and never looked
      again, which in turn led us to assume that the client only supported
      the ancient V1 link protocol.  This, in turn, was causing Stem
      integration tests to stall in some cases.  Fixes bug 30021; bugfix