This makes our compilation options checks in autoconf work better on
systems that already define _FORTIFY_SOURCE.

Fixes at least one case of bug 18841; bugfix on 0.2.3.17-beta. Patch
from "trudokal".

Issues noted by cypherpunks on #18162

This closes bug 18162; bugfix on a45b1315, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.

Conflicts:
	src/or/config.c

teor (Tim Wilson-Brown) authored 9 years ago and Nick Mathewson committed 9 years ago

This new identity key was changed on 18 November 2015.

There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.

teor authored 9 years ago and Nick Mathewson committed 9 years ago

If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".

John Brooks authored 9 years ago and Nick Mathewson committed 9 years ago

The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.