Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • maint-0.4.3
  • maint-0.4.4
  • maint-0.4.5
  • release-0.3.5
  • release-0.4.3
  • release-0.4.4
  • release-0.4.5
  • maint-0.3.5
  • maint-0.4.2
  • release-0.4.2
  • maint-0.4.1
  • release-0.4.1
  • maint-0.4.0
  • release-0.4.0
  • release-0.2.9
  • maint-0.2.9
  • release-0.3.4
  • maint-0.3.4
  • release-0.3.3
  • tor-0.4.5.3-rc
  • tor-0.4.5.2-alpha
  • tor-0.4.6.0-alpha-dev
  • tor-0.3.5.12
  • tor-0.4.3.7
  • tor-0.4.4.6
  • tor-0.4.5.1-alpha
  • tor-0.4.4.5
  • tor-0.4.4.4-rc
  • tor-0.4.4.3-alpha
  • tor-0.4.4.2-alpha
  • tor-0.4.3.6
  • tor-0.4.2.8
  • tor-0.3.5.11
  • tor-0.4.4.1-alpha
  • tor-0.4.4.0-alpha-dev
  • tor-0.4.5.0-alpha-dev
  • tor-0.4.3.5
  • tor-0.4.3.4-rc
  • tor-0.4.3.3-alpha
40 results
Compare
Forked from The Tor Project / Core / Tor
23449 commits behind the upstream repository.
Nick Mathewson's avatar
Avoid sign-extending when computing rend auth type.
Nick Mathewson authored 
Right-shifting negative values has implementation-defined behavior.
On all the platforms we work on right now, the behavior is to
sign-extend the input.  That isn't what we wanted in

    auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;

Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously.

The broken behavior didn't actually hurt anything, I think, since the
only way to get sign-extension to happen would be to have the top bit
of descriptor_cookie_tmp[16] set, which would make the value of
descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and
0b11111000 (that is, between -1 and -8).  So auth_type_val would be
between -7 and 0.  And the immediate next line does:

    if (auth_type_val < 1 || auth_type_val > 2) {

So the incorrectly computed auth_type_val would be rejected as
invalid, just as a correctly computed auth_type_val would be.

Still, this stuff shouldn't sit around the codebase.
96d2a216
History
Nick Mathewson's avatar 96d2a216
History
Name Last commit Last update
changes
contrib
doc
src
.gitignore
ChangeLog
Doxyfile.in
INSTALL
LICENSE
Makefile.am
Makefile.nmake
README
ReleaseNotes
acinclude.m4
autogen.sh
configure.ac
README
Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/faq.html
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ