Nick Mathewson
801923ac21
Remove more dubiosity in struct tm handling. related to bug5346
2012-05-16 12:15:08 -04:00
Nick Mathewson
7ae798ac38
changes file for branch bug5346
2012-05-16 12:14:48 -04:00
Nick Mathewson
1abe533b33
Reject an additional type of bad date in parse_http_time
2012-05-16 12:14:48 -04:00
Esteban Manchado Velázquez
d0d9c3d71e
Fix parse_http_time and add tests
...
* It seems parse_http_time wasn't parsing correctly any date with commas (RFCs
1123 and 850). Fix that.
* It seems parse_http_time was reporting the wrong month (they start at 0, not
1). Fix that.
* Add some tests for parse_http_time, covering all three formats.
2012-05-16 12:14:48 -04:00
Nick Mathewson
3ed4c5dc05
Correct the bulletproofing of routerlist_insert()
...
The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.
Related to bug 1776.
2012-05-16 10:51:02 -04:00
Nick Mathewson
8e07798284
Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259.
2012-05-15 11:22:06 -04:00
Nick Mathewson
5905a0b2db
Merge branch 'bug5796_022_squashed' into maint-0.2.2
2012-05-15 10:04:49 -04:00
Nick Mathewson
f2a6eedded
Fix a crash bug on SETCIRCUITPURPOSE.
2012-05-15 10:03:10 -04:00
Nick Mathewson
0be946c693
Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2
2012-05-15 10:00:51 -04:00
Roger Dingledine
436654ee96
fix over-wide line from f661747370
2012-05-10 17:46:19 -04:00
Nick Mathewson
79c4c8195a
Merge branch 'bug5786_range_022' into maint-0.2.2
2012-05-10 15:38:57 -04:00
Ravi Chandra Padmala
5bbf04dc97
Add changes/bug5760
2012-05-10 12:55:33 +05:30
Ravi Chandra Padmala
f661747370
Add missing CRLFs to AUTHCHALLENGE failure replies
...
Fix #5760
2012-05-10 11:13:09 +05:30
Nick Mathewson
9b344628ed
Handle out-of-range values in tor_parse_* integer functions
...
The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE. If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.
Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
2012-05-07 12:25:59 -04:00
Karsten Loesing
24731ce6a7
Update to the May 2012 GeoIP database.
2012-05-07 12:50:47 +02:00
Nick Mathewson
f6afd4efa6
Fix a log-uninitialized-buffer bug.
...
Fix for 5647; bugfix on 0.2.1.5-alpha.
2012-04-18 23:02:09 -04:00
George Kadianakis
2d276ab9d9
rend_service_introduce(): do protocol violation check before anything else.
...
(Cherry-picked from 6ba13e4 by nickm)
2012-04-18 22:26:06 -04:00
Nick Mathewson
86c4b750da
Merge branch 'bug5593' into maint-0.2.2
2012-04-11 10:04:31 -04:00
Karsten Loesing
b395b59353
Update to the April 2012 GeoIP database.
2012-04-11 14:15:49 +02:00
Nick Mathewson
dd3f4f1bdb
Include a Host: header with any HTTP/1.1 proxy request
...
Bugfix on 0.2.2.1-alpha, which added the original HTTP proxy
authentication code. Fix for bug 5593.
2012-04-10 12:00:20 -04:00
Nick Mathewson
439fc704f1
Wrap long line; strlen("ides")<strlen("turtles").
2012-04-04 21:05:19 -04:00
Sebastian Hahn
b24487d106
ides has become turtles, and gotten a new IP address
...
As per ticket 5569
2012-04-05 01:53:04 +02:00
Roger Dingledine
5fed1ccd90
put a _ before or_options_t elements that aren't configurable
...
it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
2012-04-01 15:59:38 -04:00
Roger Dingledine
40ab832c4e
BridgePassword was never for debugging
...
It is for the not-yet-implemented bridge community design.
2012-04-01 15:59:00 -04:00
Nick Mathewson
9a69c24150
Do not use strcmp() to compare an http authenticator to its expected value
...
This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
2012-04-01 00:42:04 -04:00
Nick Mathewson
9740f067c4
Safe cookie authentication gets a changes file
2012-03-26 14:06:27 -04:00
Nick Mathewson
6dcbfec82d
Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2
2012-03-26 14:03:29 -04:00
Nick Mathewson
650e2aac46
Merge commit 'a5704b1c624c9a808f52f3a125339f00e2b9a378' into maint-0.2.2
2012-03-26 13:59:49 -04:00
Nick Mathewson
ec1bc8a979
Use a given name in the bug5090 message, at its holder's request.
2012-03-09 14:50:46 -05:00
Nick Mathewson
99bd5400e8
Never choose a bridge as an exit. Bug 5342.
2012-03-09 14:27:50 -05:00
Nick Mathewson
8abfcc0804
Revise "sufficient exit nodes" check to work with restrictive ExitNodes
...
If you set ExitNodes so that only 1 exit node is accepted, the
previous patch would have made you unable to build circuits.
2012-03-09 14:23:23 -05:00
Nick Mathewson
a574f7f3fe
Merge branch 'bug5343' into maint-0.2.2
2012-03-09 13:54:04 -05:00
Nick Mathewson
31f253ae6a
Oops; credit bug5090 patch to flupzor. estebanm only found the bug.
2012-03-09 11:54:27 -05:00
Nick Mathewson
be0535f00b
Correctly handle broken escape sequences in torrc values
...
Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
2012-03-09 11:50:22 -05:00
Nick Mathewson
ec8a06c5a1
Require a threshold of exit nodes before building circuits
...
This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
2012-03-08 15:42:54 -05:00
Sebastian Hahn
fe50b676bc
Fix compile warnings in openbsd malloc
2012-03-08 19:28:59 +01:00
Nick Mathewson
9d5d3a7fd4
Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2
2012-03-08 10:50:03 -05:00
Karsten Loesing
c5d7ee714f
Update to the March 2012 GeoIP database.
2012-03-08 09:35:15 +01:00
Roger Dingledine
e21756908f
new ip address for maatuska
2012-02-29 13:22:41 -05:00
Robert Ransom
e111e371b4
Implement 'safe cookie authentication'
2012-02-22 05:46:09 -08:00
Nick Mathewson
a5704b1c62
Add a sha256 hmac function, with tests
...
(cherry picked from commit fdbb9cdf74)
2012-02-22 05:46:08 -08:00
Sebastian Hahn
8ce6722d76
Properly protect paths to sed, sha1sum, openssl
...
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
c8b855082b
Downgrade "missing a certificate" from notice to info
...
It was apparently getting mistaken for a problem, even though it was
at notice.
Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Nick Mathewson
2da0efb547
Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
2012-02-10 10:55:39 -05:00
Roger Dingledine
a70ff4b2cb
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-02-09 04:21:08 -05:00
Roger Dingledine
85c539009a
Revert "add a "docs" to the manual URI as listed in torrc.sample.in"
...
This reverts commit 55e8cae815.
The conversation from irc:
> weasel: i had intended to leave torrc.sample.in alone in maint-0.2.2,
since i don't want to make all your stable users have to deal with
a torrc change. but nickm changed it. is it in fact the case that a
change in that file means a change in the deb?
<weasel> it means you'll prompt every single user who ever touched
their torrc
<weasel> and they will be asked if they like your new version better
than what they have right now
<weasel> so it's not great
Instead I changed the website to redirect requests for the tor-manual
URL listed in maint-0.2.2's torrc.sample.in so the link will still work.
2012-02-09 03:57:04 -05:00
Karsten Loesing
4180624a7d
Update to the February 2012 GeoIP database.
2012-02-09 09:16:24 +01:00
Nick Mathewson
55e8cae815
add a "docs" to the manual URI as listed in torrc.sample.in
2012-02-08 10:52:05 -05:00
Roger Dingledine
688903e919
Update "ClientOnly" man page entry
...
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
Nick Mathewson
6d595fa4cf
Merge remote-tracking branch 'public/bug4533_part2' into maint-0.2.2
2012-01-18 15:29:25 -05:00