David Goulet authored 8 years ago and Nick Mathewson committed 8 years ago

When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() on a
pointer instead of using the real size of the destination buffer leading to an
overflow passing an enormous value to the signing digest function.
Fortunately, that value was only used to make sure the destination buffer
length was big enough for the key size and in this case it always was because
of the overflow.

Fixes #21553

Signed-off-by: David Goulet <dgoulet@torproject.org>

scan-build found that we we checking UseEntryGuards twice.

Fixes bug 21492.

Bug found with clang scan-build.  Fixes bug on f63e06d3.
Bug not present in any released Tor.

Instead of returning 404 error code, this led to a NULL pointer being used and
thus a crash of tor.

Fixes #21471

Signed-off-by: David Goulet <dgoulet@torproject.org>

Closes 21450; patch from teor.

This is an extra fix for bug 21278: it ensures that these
descriptors and platforms will never be listed in a legit consensus.

Also add a "strict" mode to reject negative inputs.

Use STATIC.

Credit AFL in the changes file.

Fixes bug 20894; bugfix on 0.2.0.16-alpha.

We already applied a workaround for this as 20834, so no need to
freak out (unless you didn't apply 20384 yet).

This should be "impossible" without making a SHA1 collision, but
let's not keep the assumption that SHA1 collisions are super-hard.

This prevents another case related to 21278.  There should be no
behavioral change unless -ftrapv is on.

I think this one probably can't underflow, since the input ranges
are small.  But let's not tempt fate.

This patch also replaces the "cmp" functions here with just "eq"
functions, since nothing actually checked for anything besides 0 and
nonzero.

Related to 21278.