The hidden service descriptor cache (rendcache) tests use digest maps
which expect keys to have a length of DIGEST_LEN.
Because the tests use key strings with a length lower than DIGEST_LEN,
the internal copy operation reads outside the key strings which leads to
buffer over-reads.
The issue is resolved by using character arrays with a size of
DIGEST_LEN.
Patch on ade5005853.
The tests pass empty digest strings to the dir_server_new function which
copies it into a directory server structure. The copy operation expects
the digest strings to be DIGEST_LEN characters long.
Because the length of the empty digest strings are lower than
DIGEST_LEN, the copy operation reads outside the digest strings which
leads to buffer over-reads.
The issue is resolved by using character arrays with a size of
DIGEST_LEN.
Patch on 4ff08bb581.
When an HS process an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().
This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.
Fixes#8976
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
There was a dead check when we made sure that an array member of a
struct was non-NULL. Tor has been doing this check since at least
0.2.3, maybe earlier.
Fixes bug 17781.
Previously we'd suppressed the mask-bits field in the output when
formatting a policy if it was >=32. But that should be a >=128 if
we're talking about IPv6.
Since we didn't put these in descriptors, this bug affects only log
messages and controller outputs.
Fix for bug 16056. The code in question was new in 0.2.0, but the
bug was introduced in 0.2.4 when we started supporting IPv6 exits.
port is in host order (addr is tor_addr_t, endianness is abstracted).
addr and port can be different to conn->addr and conn->port if
connecting via a proxy.
Consistently ignore multicast addresses when automatically
generating reject private exit policies.
Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
The tor_cert_get_checkable_sig function uses the signing key included in
the certificate (if available) when a separate public key is not given.
When the signature is valid, the tor_cert_checksig function copies the
public key from the checkable structure to the public key field of the
certificate signing key.
In situations where the separate public key is not given but the
certificate includes a signing key, the source and destination pointers
in the copy operation are equal and invoke undefined behavior.
Undefined behaviour is avoided by ensuring both pointers are different.