Nick Mathewson
341c6a59db
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/or/config.c
Conflict was in or_options_free, where two newly added fields had free
calls in the same place.
2012-04-01 00:46:52 -04:00
Nick Mathewson
9a69c24150
Do not use strcmp() to compare an http authenticator to its expected value
...
This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
2012-04-01 00:42:04 -04:00
Robert Ransom
458718d497
Fix comment typo
2012-03-30 11:04:03 -04:00
Nick Mathewson
56e0959d2a
Have tor_parse_*long functions check for negative bases
...
One of our unit tests checks that they behave correctly (giving an
error) when the base is negative. But there isn't a guarantee that
strtol and friends actually handle negative bases correctly.
Found by Coverity Scan; fix for CID 504.
2012-03-30 10:34:05 -04:00
Nick Mathewson
88caa552cc
Fix a couple of "unused assigned value" warnings in parse_config tests
...
Coverity doesn't like the fact that we were storing the value of
parse_config_line_from_str() but not checking it in a couple of
cases.
Fixes CID 505 and 506.
2012-03-30 10:26:34 -04:00
Nick Mathewson
affbcded5c
Fix a memory leak in an error case of SAFECOOKIE authentication.
...
Found by Coverity Scan; fix for CID 507; bugfix on 0.2.3.13-alpha.
2012-03-30 10:20:48 -04:00
Nick Mathewson
ab3197c059
Remove a couple redundant NULL-checks before crypto_cipher_free
...
Calling crypto_cipher_free(NULL) is always safe, since (by
convention) all of our xyz_free() functions treat xyz_free(NULL) as
a no-op.
Flagged by coverity scan; fixes CID 508 and 509.
2012-03-30 10:16:58 -04:00
Nick Mathewson
1da5223e89
Merge branch 'bug5527'
2012-03-30 10:15:35 -04:00
Nick Mathewson
491ffa540f
Move router lookup to _after_ we assert that its argument is set
...
A previous commit in the 5527 branch had moved
router_get_mutable_by_digest(digest_rcvd) to happen before we did
tor_assert(digest_rcvd), which would have defeated the purpose of
the assert.
2012-03-30 10:14:31 -04:00
Nick Mathewson
545cb5f34e
Merge remote-tracking branch 'linus/empty_desc_stats'
2012-03-30 10:06:21 -04:00
Linus Nordberg
d2cf90dc88
Add changes file.
2012-03-30 12:06:53 +02:00
Roger Dingledine
3031def726
checking "same addr/port but with nonmatching keys" is obsolete
...
Specifically, I believe it dates back to when extend cells had address:port
but no digest in them. The special edge case is certainly not worth the
complexity these days.
2012-03-29 16:45:25 -04:00
Roger Dingledine
5cb82e44d1
simplify further
2012-03-29 16:37:50 -04:00
Linus Nordberg
20eb38a588
Refactor dirserv_orconn_tls_done().
...
Look up the router using the digest instead of looping over all routers.
2012-03-29 22:01:06 +02:00
Nick Mathewson
f348daa6fb
Merge remote-tracking branch 'linus/bug4875_2'
2012-03-29 10:53:09 -04:00
Nick Mathewson
4703bf8792
note that bug 5151 is on 0.2.3.9-alpha
2012-03-28 17:19:24 -04:00
Nick Mathewson
04a1696095
Merge remote-tracking branch 'linus/bug5151'
2012-03-28 17:18:30 -04:00
Linus Nordberg
bd4d8fc744
Add changes file.
2012-03-28 23:11:02 +02:00
Linus Nordberg
734fad4103
Make relays handle an address suggestion from a directory server giving an IPv6 address.
...
last_guessed_ip becomes a tor_addr_t.
Most parts of router_new_address_suggestion() learns
about IPv6 (resolve_my_address() is still IPv4 only).
2012-03-28 22:16:55 +02:00
Linus Nordberg
1b6f6bfda5
Don't try to generate stats from an empty served_descs.
2012-03-28 20:57:45 +02:00
Sebastian Hahn
77bc1b803e
Fix a bunch of check-spaces complaints
2012-03-28 15:02:15 +02:00
Roger Dingledine
c3a7bcf4e6
tab-man strikes back (fixup on a9c0e9fec2
)
2012-03-28 04:06:56 -04:00
Nick Mathewson
a9c0e9fec2
Write initial documentation for the contents of the state file
...
Fixes bug 2987. There is still some information to go, but now we
have a place to put it.
2012-03-28 04:08:56 -04:00
Nick Mathewson
8387d8571f
Merge branch 'bug4011'
2012-03-28 03:33:00 -04:00
Nick Mathewson
d20c6d2a37
Keep separate time-to-downloads for each consensus flavor
...
This is a fix for bug 4011, where if we have a recent ns consensus we
won't even try fetching a microdesc consensus. Fix on 0.2.3.1-alpha,
I believe.
2012-03-28 02:55:33 -04:00
Nick Mathewson
86f1630b36
Merge branch 'openssl101_aes_ctr_rebased'
2012-03-27 22:41:10 -04:00
Nick Mathewson
01905a6ef9
Excise PK_NO_PADDING entirely: Unpadded RSA is silly.
...
We never use it, so having it around is pointless.
Suggested by Sebastian
2012-03-27 22:38:06 -04:00
Nick Mathewson
55c3e29669
Use OpenSSL 1.0.1's EVP aes_ctr implementation when available
...
This should be really fast on Intel chips.
2012-03-27 22:38:06 -04:00
Nick Mathewson
de0dca0de7
Refactor the API for setting up a block cipher.
...
It allows us more flexibility on the backend if the user needs to
specify the key and IV at setup time.
2012-03-27 22:37:56 -04:00
Nick Mathewson
00b4784575
Remove support for PK_NO_PADDING in crypto_pk_public_hybrid_encrypt
...
We never use it, and it would be a stupid thing if we started using it.
2012-03-27 22:37:55 -04:00
Nick Mathewson
fc35674567
Changelog for torify changes
...
Also reinstate the part of the torify script that checks for torsocks
being installed, so that we can give a more useful message in case it
isn't.
2012-03-27 18:46:47 -04:00
Nick Mathewson
5cd707dcd3
Remove tsocks support from torify.
...
Fixes bug3530 and bug 5180. Patch by ugh.
2012-03-27 18:44:00 -04:00
Nick Mathewson
80b2756b53
Log statement to help track down bug4091
2012-03-27 18:28:39 -04:00
Nick Mathewson
342e753d31
Merge remote-tracking branch 'karsten/bug5053'
2012-03-27 11:22:32 -04:00
Sebastian Hahn
582f747049
Provide large enough buffer in test_util_sscanf()
...
This was causing crashes during unit test runs, as stack smashing
protections got triggered. Issue spotted by weasel
2012-03-27 15:16:22 +02:00
Roger Dingledine
4121e7f861
bump to 0.2.3.13-alpha-dev
2012-03-27 01:26:01 -04:00
Roger Dingledine
de73e3692a
merge in the safecookie changelog entry too
2012-03-26 22:15:02 -04:00
Roger Dingledine
65bf007a77
merge the change that 2f3ec43e5b
wanted to merge
2012-03-26 22:12:52 -04:00
Nick Mathewson
5a2d0fbe64
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/or/control.c
2012-03-26 18:51:37 -04:00
Nick Mathewson
9740f067c4
Safe cookie authentication gets a changes file
2012-03-26 14:06:27 -04:00
Nick Mathewson
6dcbfec82d
Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2
2012-03-26 14:03:29 -04:00
Nick Mathewson
f5c59eb28a
Merge remote-tracking branch 'origin/maint-0.2.2'
...
This is an "-s ours" commit to avoid taking a5704b1c62
,
which was a cherry-picked backport of fdbb9cdf74
to add
a SHA256-HMAC function.
2012-03-26 14:02:11 -04:00
Nick Mathewson
650e2aac46
Merge commit 'a5704b1c624c9a808f52f3a125339f00e2b9a378' into maint-0.2.2
2012-03-26 13:59:49 -04:00
Nick Mathewson
2f3ec43e5b
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
changes/bug5090
bug5090 was already merged and corrected in the master branch's changelog.
2012-03-26 13:57:51 -04:00
Roger Dingledine
e103509f7a
bump to 0.2.3.13-alpha
2012-03-26 00:01:46 -04:00
Roger Dingledine
6c5a1377e8
cleanup and blurb for 0.2.3.13-alpha
2012-03-25 23:58:12 -04:00
Roger Dingledine
a5c78639ae
fold in latest changes entries
2012-03-25 23:19:44 -04:00
Roger Dingledine
bca8bf62c6
explain that bug 5090 allows a post-auth heap overflow
...
resolves bug 5402.
2012-03-25 23:09:23 -04:00
Sebastian Hahn
fe2b177cfb
Never disable debugger attachment for the unit tests
2012-03-22 12:50:44 +01:00
Christian Kujau
d95efdd860
Shorten links to law.cornell.edu for exit-note file
...
The links we have currently redirect to those new files now.
2012-03-20 11:36:16 +01:00