Commit Graph

23363 Commits

Author SHA1 Message Date
Nick Mathewson
4812441d34 Never read off the end of a buffer in base32_encode()
When we "fixed" #18280 in 4e4a7d2b0c
in 0291 it appears that we introduced a bug: The base32_encode
function can read off the end of the input buffer, if the input
buffer size modulo 5 is not equal to 0 or 3.

This is not completely horrible, for two reasons:
   * The extra bits that are read are never actually used: so this
     is only a crash when asan is enabled, in the worst case.  Not a
     data leak.

   * The input sizes passed to base32_encode are only ever multiples
      of 5. They are all either DIGEST_LEN (20), REND_SERVICE_ID_LEN
      (10), sizeof(rand_bytes) in addressmap.c (10), or an input in
      crypto.c that is forced to a multiple of 5.

So this bug can't actually trigger in today's Tor.

Closes bug 21894; bugfix on 0.2.9.1-alpha.
2017-04-07 10:47:16 -04:00
Nick Mathewson
7d7770f735 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-04-06 08:31:54 -04:00
Nick Mathewson
91c6b18ca0 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-04-06 08:31:32 -04:00
Nick Mathewson
44bc8821b1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-04-06 08:31:23 -04:00
Nick Mathewson
21d776738c Merge branch 'maint-0.2.5' into maint-0.2.6 2017-04-06 08:31:18 -04:00
Nick Mathewson
a8a860e1da Merge branch 'maint-0.2.4' into maint-0.2.5 2017-04-06 08:31:12 -04:00
Karsten Loesing
9d7933296c Update geoip and geoip6 to the April 4 2017 database. 2017-04-06 10:52:39 +02:00
Nick Mathewson
d642ceb8df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-03-08 10:12:06 -05:00
Nick Mathewson
2cfecec9c7 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-03-08 10:11:23 -05:00
Nick Mathewson
25c28bc2d9 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-03-08 10:11:05 -05:00
Nick Mathewson
ecc73c3c03 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-03-08 10:10:44 -05:00
Nick Mathewson
933a1e7997 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-03-08 10:10:29 -05:00
Karsten Loesing
4488c319dd Update geoip and geoip6 to the March 7 2017 database. 2017-03-08 09:41:35 +01:00
Nick Mathewson
75492598b2 Bump to 0.2.9.10-dev 2017-03-01 08:18:54 -05:00
Nick Mathewson
b049a5b398 bump version to 0.2.9.10 2017-02-28 10:38:55 -05:00
Nick Mathewson
3e07a54928 Merge branch 'maint-0.2.8' into maint-0.2.9
This is an "ours" merge to avoid taking a version bump
2017-02-28 10:38:31 -05:00
Nick Mathewson
f93bcab60e Merge branch 'maint-0.2.7-redux' into maint-0.2.8
This is an "ours" merge to avoid taking a version bump, and to
avoid replaying the post-0.2.7.6 history of "maint-0.2.7-redux" onto maint-0.2.8, which already included the relevant changes.
2017-02-28 10:37:25 -05:00
Nick Mathewson
f2a657c22b bump version to 0.2.8.13 2017-02-28 10:34:33 -05:00
Nick Mathewson
b5526bef38 Bump version to 0.2.7.7 2017-02-28 10:27:20 -05:00
Nick Mathewson
1174b50cab Merge branch 'maint-0.2.6' into maint-0.2.7-redux
"ours" merge to avoid version bumps
2017-02-28 10:26:45 -05:00
Nick Mathewson
57e778f882 bump to 0.2.6.11 2017-02-28 10:26:24 -05:00
Nick Mathewson
ccdf0b319c Merge branch 'maint-0.2.5' into maint-0.2.6
"ours" merge to avoid version bumps
2017-02-28 10:25:51 -05:00
Nick Mathewson
884b3717a9 Bump version to 0.2.5.13 2017-02-28 10:23:20 -05:00
Nick Mathewson
b2b604ecb4 Merge branch 'maint-0.2.4' into maint-0.2.5
"ours" merge to avoid bumping version
2017-02-28 10:22:36 -05:00
Nick Mathewson
4bab288a82 Bump to 0.2.4.28 2017-02-28 10:20:46 -05:00
Nick Mathewson
aec45bc0b1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-17 17:10:47 -05:00
Nick Mathewson
67cec7578c Check for micro < 0, rather than checking "minor" twice.
Bug found with clang scan-build.  Fixes bug on f63e06d3dc.
Bug not present in any released Tor.
2017-02-17 11:31:39 -05:00
Nick Mathewson
fea93abecd whoops; make 21450 compile 2017-02-15 08:19:37 -05:00
Nick Mathewson
cb6b3b7cad Limit version numbers to 0...INT32_MAX.
Closes 21450; patch from teor.
2017-02-15 07:57:34 -05:00
Nick Mathewson
a1c3b391de Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-15 07:52:54 -05:00
Nick Mathewson
5222054163 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-15 07:52:47 -05:00
Nick Mathewson
e6376a8004 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-15 07:52:41 -05:00
Nick Mathewson
f7ed4a7d8f Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:52:33 -05:00
Nick Mathewson
71cd68b66b Merge branch 'maint-0.2.8' of git-rw.torproject.org:/tor into maint-0.2.8 2017-02-15 07:51:57 -05:00
Nick Mathewson
67877f55ad Merge branch 'maint-0.2.7' of git-rw.torproject.org:/tor into maint-0.2.7 2017-02-15 07:51:48 -05:00
Nick Mathewson
6e7ff9ee31 Merge branch 'maint-0.2.6' of git-rw.torproject.org:/tor into maint-0.2.6 2017-02-15 07:51:41 -05:00
Nick Mathewson
aeb299ba6d Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5 2017-02-15 07:51:33 -05:00
Nick Mathewson
5d88267bf4 Merge branch 'bug21278_extra_029' into maint-0.2.9 2017-02-15 07:48:30 -05:00
Nick Mathewson
ec6b5a098d Merge branch 'bug21278_redux_029_squashed' into maint-0.2.9 2017-02-15 07:48:18 -05:00
Nick Mathewson
eeb743588a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-15 07:48:10 -05:00
Nick Mathewson
1ebdae6171 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-15 07:47:28 -05:00
Nick Mathewson
ed806843dc Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-15 07:47:21 -05:00
Nick Mathewson
3781f24b80 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:47:12 -05:00
Nick Mathewson
a452b71395 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-15 07:47:04 -05:00
Roger Dingledine
3c4da8a130 give tor_version_parse_platform some function documentation 2017-02-15 07:46:34 -05:00
Nick Mathewson
02e05bd74d When examining descriptors as a dirserver, reject ones with bad versions
This is an extra fix for bug 21278: it ensures that these
descriptors and platforms will never be listed in a legit consensus.
2017-02-15 07:46:34 -05:00
Nick Mathewson
f63e06d3dc Extract the part of tor_version_as_new_as that extracts platform
Also add a "strict" mode to reject negative inputs.
2017-02-15 07:46:34 -05:00
Nick Mathewson
9f71fde146 changes file for removing compare-by-subtraction pattern 2017-02-14 16:32:59 -05:00
Nick Mathewson
a0ef3cf088 Prevent int underflow in dirvote.c compare_vote_rs_.
This should be "impossible" without making a SHA1 collision, but
let's not keep the assumption that SHA1 collisions are super-hard.

This prevents another case related to 21278.  There should be no
behavioral change unless -ftrapv is on.
2017-02-14 16:31:23 -05:00
Nick Mathewson
1afc2ed956 Fix policies.c instance of the "if (r=(a-b)) return r" pattern
I think this one probably can't underflow, since the input ranges
are small.  But let's not tempt fate.

This patch also replaces the "cmp" functions here with just "eq"
functions, since nothing actually checked for anything besides 0 and
nonzero.

Related to 21278.
2017-02-14 16:31:11 -05:00