Commit Graph

23432 Commits

Author SHA1 Message Date
Nick Mathewson
a271ad2a7e changes file for 21280 2017-02-07 09:27:17 -05:00
junglefowl
c4920a60c6 Do not truncate too long hostnames
If a hostname is supplied to tor-resolve which is too long, it will be
silently truncated, resulting in a different hostname lookup:

$ tor-resolve $(python -c 'print("google.com" + "m" * 256)')

If tor-resolve uses SOCKS5, the length is stored in an unsigned char,
which overflows in this case and leads to the hostname "google.com".
As this one is a valid hostname, it returns an address instead of giving
an error due to the invalid supplied hostname.
2017-02-07 09:27:00 -05:00
Nick Mathewson
9379984128 Merge branch 'teor_bug21357-v2_029' into maint-0.2.9 2017-02-07 09:24:08 -05:00
Nick Mathewson
dff390dcc7 Merge branch 'bug21108_029' into maint-0.2.9 2017-02-07 09:22:31 -05:00
Nick Mathewson
3e5b1c2d95 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-07 09:20:52 -05:00
Nick Mathewson
b60fb3ab8b Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-07 09:20:45 -05:00
Nick Mathewson
0a43134009 Merge branch 'maint-0.2.6' into maint-0.2.7
This is an "ours" merge to avoid conflicts on the authority list:
the 0.2.7 branch already has the tonga->bifroest merge.
2017-02-07 09:20:13 -05:00
Nick Mathewson
c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea Backport the tonga->bifroest move to 0.2.4.
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
Nick Mathewson
946661d1db Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-07 08:55:35 -05:00
Nick Mathewson
93ea18e918 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-07 08:55:28 -05:00
Nick Mathewson
115cefdeee Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:55:07 -05:00
Nick Mathewson
e6965f78b8 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:54:54 -05:00
Nick Mathewson
6b37512dc7 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:54:47 -05:00
Nick Mathewson
d6eae78e29 Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 2017-02-07 08:47:11 -05:00
Nick Mathewson
0f46f7d1ec Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-07 08:39:39 -05:00
Nick Mathewson
7b24f3e0fe Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-07 08:39:33 -05:00
Nick Mathewson
eb72365554 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:39:25 -05:00
Nick Mathewson
8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson
da0d5ad983 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:34:37 -05:00
Nick Mathewson
332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
Nick Mathewson
6cb8c0fd4e Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2017-02-07 08:33:51 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
Nick Mathewson
640b402232 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:32:10 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
b928095afc Rework 21359 changes file slightly. 2017-02-01 10:39:48 -05:00
rubiate
e9ec818c28 Support LibreSSL with opaque structures
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01 10:30:49 -05:00
teor
bed94a9ed9 Changes file for 21357: Stop rejecting all IPv6 traffic on some Exits
This issue was triggered by 17027 in 0.2.8.1-alpha, which rejects a relay's
own IPv6 address.

Bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
2017-02-01 09:39:06 -05:00
teor
408c53b7a7 Scale IPv6 address counts in policy_summary_reject to avoid overflow
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.

Adjust existing unit tests, and add more to cover exceptional cases.

No IPv4 behaviour changes.

Fixes bug 21357
2017-02-01 09:39:06 -05:00
teor
4667a40ca9 Fix IPv6 support in policy_summary_reject and policy_summary_accept
This interim fix results in too many IPv6 rejections.

No behaviour change for IPv4 counts, except for overflow fixes that
would require 4 billion redundant 0.0.0.0/0 policy entries to trigger.

Part of 21357
2017-02-01 09:39:06 -05:00
teor
82850d0da6 Refactor policy_summary_reject to prepare for IPv6 changes
No behaviour change, apart from non-fatal assertions

Part of 21357
2017-02-01 09:39:06 -05:00
teor
7e7b3d3df3 Add unit tests for IPv6 address summaries and IPv4 netblock rejection
These tests currently fail due to bug 21357
2017-02-01 09:39:06 -05:00
teor
e95b8f7df9 Fix write_short_policy usage comment 2017-02-01 09:39:05 -05:00
Roger Dingledine
6ff7850f26 be explicit in clear_status_flags_on_sybil that we leave BadExit alone 2017-01-31 18:50:16 -05:00
Nick Mathewson
a47c133c86 Do not clear is_bad_exit on sybil.
But do clear is_v2_dir.

Fixes bug 21108 -- bugfix on d95e7c7d67 in
0.2.0.13-alpha.
2017-01-31 14:12:14 -05:00
Nick Mathewson
0d4d9b6d88 Bump version to 0.2.9.9-dev 2017-01-23 14:34:08 -05:00
Nick Mathewson
767516680c TROVE-2017-001 : move -ftrapv back into --expensive-hardening. 2017-01-23 08:47:10 -05:00
Nick Mathewson
698df98837 version bump 2017-01-23 08:19:48 -05:00
Roger Dingledine
bcbb2d111b clean up grammar on bug20307 changes file
pointed out by toralf on irc
2017-01-22 19:03:12 -05:00
David Goulet
96c7ddbc7e circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-22 19:02:01 -05:00
Nick Mathewson
46aee42cb9 fix a lintchanges warning 2017-01-22 18:48:22 -05:00
Nick Mathewson
0809690b48 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-01-11 09:13:34 -05:00
Nick Mathewson
c77ace69bb Merge branch 'maint-0.2.7' into maint-0.2.8 2017-01-11 09:13:15 -05:00
Nick Mathewson
8c91cbb6ca Merge branch 'maint-0.2.6' into maint-0.2.7 2017-01-11 09:12:51 -05:00
Nick Mathewson
54771bcaba Merge branch 'maint-0.2.5' into maint-0.2.6 2017-01-11 09:12:21 -05:00
Nick Mathewson
34fdd510ef Merge branch 'maint-0.2.4' into maint-0.2.5 2017-01-11 09:11:58 -05:00
Karsten Loesing
3833f67dd2 Update geoip and geoip6 to the January 4 2017 database. 2017-01-04 10:19:52 +01:00