1. 06 May, 2010 1 commit
  2. 05 May, 2010 1 commit
  3. 24 Apr, 2010 2 commits
  4. 23 Apr, 2010 2 commits
  5. 13 Apr, 2010 1 commit
    • Nick Mathewson's avatar
      Fix renegotiation on OpenSSL versions that backport RFC5746. · 6ad09cc6
      Nick Mathewson authored
      Our code assumed that any version of OpenSSL before 0.9.8l could not
      possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
      so... except that many vendors have backported the flag from later
      versions of openssl when they backported the RFC5476 renegotiation
      The new behavior is particularly annoying to detect.  Previously,
      leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
      clients would fail to renegotiate.  People noticed that one fast!
      Now, OpenSSL's RFC5476 support means that clients will happily talk to
      any servers there are, but servers won't accept renegotiation requests
      from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
      servers send back a "no renegotiation for you!" error, which unpatched
      clients respond to by stalling, and generally producing no useful
      error message.
      This might not be _the_ cause of bug 1346, but it is quite likely _a_
      cause for bug 1346.
  6. 12 Apr, 2010 2 commits
  7. 04 Apr, 2010 1 commit
  8. 16 Mar, 2010 1 commit
  9. 15 Mar, 2010 1 commit
  10. 07 Mar, 2010 1 commit
  11. 04 Mar, 2010 1 commit
    • Nick Mathewson's avatar
      Apply Roger's bug 1269 fix. · 3ff09239
      Nick Mathewson authored
      From http://archives.seul.org/tor/relays/Mar-2010/msg00006.html :
         As I understand it, the bug should show up on relays that don't set
         Address to an IP address (so they need to resolve their Address
         line or their hostname to guess their IP address), and their
         hostname or Address line fails to resolve -- at that point they'll
         pick a random 4 bytes out of memory and call that their address. At
         the same time, relays that *do* successfully resolve their address
         will ignore the result, and only come up with a useful address if
         their interface address happens to be a public IP address.
  12. 02 Mar, 2010 1 commit
  13. 27 Feb, 2010 2 commits
  14. 26 Feb, 2010 3 commits
    • Sebastian Hahn's avatar
      Proper NULL checking in circuit_list_path_impl() · 86828e20
      Sebastian Hahn authored
      Another dereference-then-NULL-check sequence. No reports of this bug
      triggered in the wild. Fixes bugreport 1256.
      Thanks to ekir for discovering and reporting this bug.
    • Sebastian Hahn's avatar
      Proper NULL checking for hsdesc publication · f36c36f4
      Sebastian Hahn authored
      Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
      in the wild, but we should fix it anyways in case it ever happens.
      Also make sure users get a note about this being a bug when they
      see it in their log.
      Thanks to ekir for discovering and reporting this bug.
    • Sebastian Hahn's avatar
      Zero a cipher completely before freeing it · a9802d33
      Sebastian Hahn authored
      We used to only zero the first ptrsize bytes of the cipher. Since
      cipher is large enough, we didn't zero too many bytes. Discovered
      and fixed by ekir. Fixes bug 1254.
  15. 21 Feb, 2010 2 commits
  16. 18 Feb, 2010 4 commits
  17. 13 Feb, 2010 1 commit
  18. 12 Feb, 2010 2 commits
  19. 08 Feb, 2010 1 commit
    • Sebastian Hahn's avatar
      Don't use gethostbyname() in resolve_my_address() · a168cd2a
      Sebastian Hahn authored
      Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
      Bug 1244 occured because gethostbyname() returned an ipv6 address, which
      Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
      Reported by Mike Mestnik.
  20. 07 Feb, 2010 1 commit
  21. 02 Feb, 2010 1 commit
    • Nick Mathewson's avatar
      Link libssl and libcrypto in the right order. · f6ff14a8
      Nick Mathewson authored
      For most linking setups, this doesn't matter.  But for some setups, when
      statically linking openssl, it does matter, since you need to link things
      with dependencies before you link things they depend on.
      Fix for bug 1237.
  22. 01 Feb, 2010 1 commit
    • Nick Mathewson's avatar
      Revise OpenSSL fix to work with OpenSSL 1.0.0beta* · abd447f8
      Nick Mathewson authored
      In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
      and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
      you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
      they use it for something different.
      For the ugly version, see my long comment in tortls.c
  23. 29 Jan, 2010 1 commit
  24. 24 Jan, 2010 3 commits
  25. 22 Jan, 2010 1 commit
    • Nick Mathewson's avatar
      Avoid a possible crash in tls_log_errors. · 4ad5094c
      Nick Mathewson authored
      We were checking for msg==NULL, but not lib or proc.  This case can
      only occur if we have an error whose string we somehow haven't loaded,
      but it's worth coding defensively here.
      Spotted by rieo on IRC.
  26. 19 Jan, 2010 2 commits