1. 09 Aug, 2019 1 commit
  2. 09 Apr, 2019 3 commits
    • Changes file for bug30041 · c1001153
      Nick Mathewson authored
    • Check return value of buf_move_to_buf for error. · 0fa95308
      Tobias Stoeckmann authored and Nick Mathewson committed

      If the concatenation of connection buffer and the buffer of linked
      connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
      error value.
      
      This value is currently cast to size_t (variable n_read) and will
      erroneously lead to an increase of variable "max_to_read".
      
      This in turn can be used to call connection_buf_read_from_socket to
      store more data inside the buffer than expected and clogging the
      connection buffer.
      
      If the linked connection buffer was able to overflow INT_MAX, the call
      of buf_move_to_buf would have previously internally triggered an integer
      overflow, corrupting the state of the connection buffer.
      Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    • Protect buffers against INT_MAX datalen overflows. · 74b2bc43
      Tobias Stoeckmann authored and Nick Mathewson committed
      Many buffer functions have a hard limit of INT_MAX for datalen, but
      this limitation is not enforced in all functions:
      
      - buf_move_all may exceed that limit with too many chunks
      - buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
      - buf_new_with_data may exceed that limit (unit tests only)
      
      This patch adds some annotations in some buf_pos_t functions to
      guarantee that no out of boundary access could occur even if another
      function lacks safeguards against datalen overflows.
      
        [This is a backport of the submitted patch to 0.2.9, where the
        buf_move_to_buf and buf_new_with_data functions did not exist.]
  3. 05 Apr, 2019 3 commits
  4. 04 Apr, 2019 1 commit
    • Do not cache bogus results from classifying client ciphers · 1710f4bb
      Nick Mathewson authored
      When classifying a client's selection of TLS ciphers, if the client
      ciphers are not yet available, do not cache the result. Previously,
      we had cached the unavailability of the cipher list and never looked
      again, which in turn led us to assume that the client only supported
      the ancient V1 link protocol.  This, in turn, was causing Stem
      integration tests to stall in some cases.  Fixes bug 30021; bugfix
      on 0.2.4.8-alpha.
  5. 03 Apr, 2019 1 commit
  6. 01 Apr, 2019 2 commits
  7. 22 Mar, 2019 1 commit
  8. 20 Mar, 2019 2 commits
  9. 19 Mar, 2019 1 commit
  10. 18 Mar, 2019 1 commit
  11. 13 Mar, 2019 5 commits
  12. 09 Mar, 2019 1 commit
  13. 06 Mar, 2019 1 commit
  14. 01 Mar, 2019 4 commits
  15. 27 Feb, 2019 1 commit
  16. 19 Feb, 2019 1 commit
  17. 12 Feb, 2019 1 commit
  18. 23 Jan, 2019 1 commit
  19. 09 Jan, 2019 1 commit
  20. 07 Jan, 2019 1 commit
  21. 04 Jan, 2019 1 commit
  22. 11 Dec, 2018 1 commit
  23. 10 Dec, 2018 1 commit
    • Fallbacks: Update the hard-coded fallback list in December 2018 · 4991b293
      teor authored
      Merge Phoul's two lists into teor's list.
      
      Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
      January 2018 (of which ~115 were still functional), with a list of
      157 fallbacks (92 new, 65 existing, 85 removed) generated in
      December 2018.
      
      Closes ticket 24803.
  24. 07 Dec, 2018 1 commit
    • Fallbacks: Update the hard-coded fallback list in December 2018 · 78e177d6
      teor authored
      Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
      January 2018 (of which ~115 were still functional), with a list of
      148 fallbacks (89 new, 59 existing, 91 removed) generated in
      December 2018.
      
      Closes ticket 24803.
  25. 05 Dec, 2018 1 commit
  26. 15 Nov, 2018 2 commits
    • Merge remote-tracking branch 'public/bug24104_029_squashed' into maint-0.2.9 · 8569166c
      Nick Mathewson authored
      Resolved conflicts with the 26269 fix in 015fcd0e.
    • Windows: fix uname on recent Windows versions · 2fbc58cf
      teor authored
      Correctly identify Windows 8.1, Windows 10, and Windows Server 2008
      and later from their NT versions.
      
      On recent Windows versions, the GetVersionEx() function may report
      an earlier Windows version than the running OS. To avoid user
      confusion, add "[or later]" to Tor's version string on affected
      versions of Windows.
      
      Remove Windows versions that were never supported by the
      GetVersionEx() function.
      
      Stop duplicating the latest Windows version in get_uname().
      
      Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.