Conflicts:
	src/or/config.c

teor (Tim Wilson-Brown) authored 9 years ago and Nick Mathewson committed 9 years ago

This new identity key was changed on 18 November 2015.

There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.

teor authored 9 years ago and Nick Mathewson committed 9 years ago

If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".

John Brooks authored 9 years ago and Nick Mathewson committed 9 years ago

The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.

Yawning Angel authored 10 years ago and Nick Mathewson committed 9 years ago

In theory these should never the triggered as the only caller now
validates the parameters before this routine gets called.

Yawning Angel authored 10 years ago and Nick Mathewson committed 9 years ago

Found by DonnchaC.