1. 09 Sep, 2019 1 commit
  2. 19 Jul, 2019 1 commit
    • Tobias Stoeckmann's avatar
      Prevent UB on signed overflow. · 0d4a689d
      Tobias Stoeckmann authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      Overflowing a signed integer in C is an undefined behaviour.
      It is possible to trigger this undefined behaviour in tor_asprintf on
      Windows or systems lacking vasprintf.
      
      On these systems, eiter _vscprintf or vsnprintf is called to retrieve
      the required amount of bytes to hold the string. These functions can
      return INT_MAX. The easiest way to recreate this is the use of a
      specially crafted configuration file, e.g. containing the line:
      
      FirewallPorts AAAAA<in total 2147483610 As>
      
      This line triggers the needed tor_asprintf call which eventually
      leads to an INT_MAX return value from _vscprintf or vsnprintf.
      
      The needed byte for \0 is added to the result, triggering the
      overflow and therefore the undefined behaviour.
      
      Casting the value to size_t before addition fixes the behaviour.
      
      Signed-off-by: default avatarTobias Stoeckmann <tobias@stoeckmann.org>
      0d4a689d
  3. 29 May, 2019 2 commits
    • Nick Mathewson's avatar
    • Tobias Stoeckmann's avatar
      Fixed tor_vasprintf on systems without vasprintf. · 0d5a0b4f
      Tobias Stoeckmann authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      If tor is compiled on a system with neither vasprintf nor _vscprintf,
      the fallback implementation exposes a logic flaw which prevents
      proper usage of strings longer than 127 characters:
      
      * tor_vsnprintf returns -1 if supplied buffer is not large enough,
        but tor_vasprintf uses this function to retrieve required length
      * the result of tor_vsnprintf is not properly checked for negative
        return values
      
      Both aspects together could in theory lead to exposure of uninitialized
      stack memory in the resulting string. This requires an invalid format
      string or data that exceeds integer limitations.
      
      Fortunately tor is not even able to run with this implementation because
      it runs into asserts early on during startup. Also the unit tests fail
      during a "make check" run.
      
      Signed-off-by: default avatarTobias Stoeckmann <tobias@stoeckmann.org>
      
        [backported to 0.2.9 by nickm]
      0d5a0b4f
  4. 15 Nov, 2018 1 commit
    • teor's avatar
      Windows: fix uname on recent Windows versions · 2fbc58cf
      teor authored
      Correctly identify Windows 8.1, Windows 10, and Windows Server 2008
      and later from their NT versions.
      
      On recent Windows versions, the GetVersionEx() function may report
      an earlier Windows version than the running OS. To avoid user
      confusion, add "[or later]" to Tor's version string on affected
      versions of Windows.
      
      Remove Windows versions that were never supported by the
      GetVersionEx() function.
      
      Stop duplicating the latest Windows version in get_uname().
      
      Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.
      2fbc58cf
  5. 17 Jan, 2018 1 commit
  6. 04 Jan, 2018 1 commit
  7. 11 Sep, 2017 1 commit
  8. 05 Jul, 2017 1 commit
  9. 03 Jul, 2017 1 commit
  10. 08 Nov, 2016 1 commit
    • Nick Mathewson's avatar
      Use va_copy() in pure-windows version of tor_asprintf(). · 286fa940
      Nick Mathewson authored
      It's not okay to use the same varargs list twice, and apparently
      some windows build environments produce code here that would leave
      tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
      when tor_asprintf() was introduced.
      286fa940
  11. 31 Oct, 2016 1 commit
  12. 09 Sep, 2016 1 commit
  13. 06 Sep, 2016 1 commit
    • Nick Mathewson's avatar
      checkSpace.pl now forbids more identifiers. · 5927ed8d
      Nick Mathewson authored
      The functions it warns about are:
        assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
        strdup, strndup, calloc.
      
      Also, fix a few lingering instances of these in the code. Use other
      conventions to indicate _intended_ use of assert and
      malloc/realloc/etc.
      5927ed8d
  14. 12 Aug, 2016 1 commit
  15. 29 Jul, 2016 1 commit
  16. 28 Jul, 2016 1 commit
  17. 08 Jul, 2016 1 commit
  18. 20 Jun, 2016 2 commits
  19. 17 Jun, 2016 1 commit
    • cypherpunks's avatar
      Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS · 94762e37
      cypherpunks authored and Nick Mathewson's avatar Nick Mathewson committed
      The Autoconf macro AC_USE_SYSTEM_EXTENSIONS defines preprocessor macros
      which turn on extensions to C and POSIX. The macro also makes it easier
      for developers to use the extensions without needing (or forgetting) to
      define them manually.
      
      The macro can be safely used because it was introduced in Autoconf 2.60
      and Tor requires Autoconf 2.63 and above.
      94762e37
  20. 16 Jun, 2016 1 commit
  21. 15 Jun, 2016 1 commit
  22. 30 May, 2016 1 commit
    • Nick Mathewson's avatar
      Replace nearly all XXX0vv comments with smarter ones · 4f1a04ff
      Nick Mathewson authored
      So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
      had better revisit this comment and fix it!"
      
      But we have a huge pile of such comments accumulated for a large
      number of released versions!  Not cool.
      
      So, here's what I tried to do:
      
        * 0.2.9 and 0.2.8 are retained, since those are not yet released.
      
        * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
          quite important!"
      
        * The others, after one-by-one examination, are downgraded to
          plain old XXX.  Which doesn't mean they aren't a problem -- just
          that they cannot possibly be a release-blocking problem.
      4f1a04ff
  23. 12 May, 2016 1 commit
  24. 28 Feb, 2016 1 commit
  25. 27 Feb, 2016 1 commit
  26. 27 Jan, 2016 1 commit
  27. 13 Jan, 2016 1 commit
  28. 17 Dec, 2015 1 commit
  29. 15 Dec, 2015 3 commits
  30. 01 Dec, 2015 2 commits
  31. 27 Nov, 2015 3 commits
  32. 20 Nov, 2015 1 commit
  33. 19 Nov, 2015 1 commit
    • teor (Tim Wilson-Brown)'s avatar
      Make tor_ersatz_socketpair work on IPv6-only systems · 53ec840b
      teor (Tim Wilson-Brown) authored
      (But it won't work on some systems without IPv4/IPv6 localhost
      (some BSD jails) by design, to avoid creating sockets on routable
      IP addresses. However, those systems likely have the AF_UNIX socketpair,
      which tor prefers.)
      
      Fixes bug #17638; bugfix on a very early tor version,
      earlier than 22dba27d (23 Nov 2004) / svn:r2943.
      
      Patch by "teor".
      53ec840b