Nick Mathewson
b6227edae1
Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
...
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
It also closes TROVE-2016-10-001 (aka bug 20384).
2016-12-20 18:22:53 -05:00
Nick Mathewson
b18bde23cf
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-12-20 18:11:25 -05:00
Nick Mathewson
db58d4d16f
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-12-20 18:11:08 -05:00
Nick Mathewson
d978216dea
Fix parsing bug with unecognized token at EOS
...
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
3d9f8ff6a5
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-12-09 08:34:06 -05:00
Nick Mathewson
3d2d3f2b62
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-12-09 08:33:57 -05:00
Karsten Loesing
9db47e7921
Update geoip and geoip6 to the December 7 2016 database.
2016-12-09 10:23:36 +01:00
Nick Mathewson
6c2174d44d
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-11-07 09:29:54 -05:00
Karsten Loesing
ea597832e2
Update geoip and geoip6 to the November 3 2016 database.
2016-11-07 15:05:19 +01:00
Nick Mathewson
12a7298376
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-10-06 09:58:54 -04:00
Karsten Loesing
1b4984f196
Update geoip and geoip6 to the October 6 2016 database.
2016-10-05 16:35:14 +02:00
Nick Mathewson
52a99cb6c1
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-09-07 13:53:43 -04:00
Karsten Loesing
56f95ba94d
Update geoip and geoip6 to the September 6 2016 database.
2016-09-07 11:08:04 +02:00
Nick Mathewson
742ff2cddb
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-08-12 10:27:01 -04:00
Nick Mathewson
46754d6081
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-08-12 10:26:48 -04:00
Karsten Loesing
1410947351
Update geoip and geoip6 to the August 2 2016 database.
2016-08-12 11:53:38 +02:00
Nick Mathewson
210928f66a
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-07-19 12:31:54 +02:00
Nick Mathewson
d95c2809b3
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-07-19 12:31:20 +02:00
Karsten Loesing
79939c6f11
Update geoip and geoip6 to the July 6 2016 database.
2016-07-18 08:40:22 +02:00
Nick Mathewson
92891ded30
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-07-05 13:51:51 -04:00
Nick Mathewson
19078b1b89
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-07-05 13:51:34 -04:00
Nick Mathewson
6b8c3d2bc0
whoops. changelog file for 19271.
2016-07-05 13:51:21 -04:00
Nick Mathewson
b4bb88606e
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-06-13 10:48:48 -04:00
Nick Mathewson
f25f7b759c
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-06-13 10:48:35 -04:00
Karsten Loesing
c14c662758
Update geoip and geoip6 to the June 7 2016 database.
2016-06-12 11:35:50 +02:00
Nick Mathewson
0b477bfd55
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-05-09 14:55:45 -04:00
Nick Mathewson
368146370b
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-05-09 14:55:22 -04:00
Karsten Loesing
3c2d4611ce
Update geoip and geoip6 to the May 4 2016 database.
2016-05-09 17:51:15 +02:00
Nick Mathewson
2ce99b9f48
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-04-07 10:45:38 -04:00
Nick Mathewson
34a51d1621
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-04-07 10:45:32 -04:00
Karsten Loesing
97c6e717b9
Update geoip and geoip6 to the April 5 2016 database.
2016-04-07 11:10:09 +02:00
Nick Mathewson
443dddb749
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-03-09 10:36:35 -05:00
Nick Mathewson
21f9829e79
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-03-09 10:36:20 -05:00
Karsten Loesing
8e2640b15a
Update geoip and geoip6 to the March 3 2016 database.
2016-03-04 10:56:51 +01:00
Nick Mathewson
740421af19
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-02-11 13:00:25 -05:00
Nick Mathewson
ce289e2cb5
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-02-11 12:55:40 -05:00
Nick Mathewson
ad95d64fec
Merge branch 'bug18162_024' into maint-0.2.4
2016-02-11 12:55:25 -05:00
Nick Mathewson
44ad3be221
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-02-05 08:13:24 -05:00
Nick Mathewson
f06d9a9cef
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-02-05 08:13:13 -05:00
Karsten Loesing
d5ac79e056
Update geoip and geoip6 to the February 2 2016 database.
2016-02-04 08:53:24 +01:00
Nick Mathewson
bca7083e82
avoid integer overflow in and around smartlist_ensure_capacity.
...
This closes bug 18162; bugfix on a45b131590#18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00
teor (Tim Wilson-Brown)
db81565331
Make memwipe() do nothing when passed a NULL pointer or zero size
...
Check size argument to memwipe() for underflow.
Closes bug #18089 . Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352 ),
commit 49dd5ef3
2016-01-18 19:58:07 -05:00
Nick Mathewson
c7b0cd9c2f
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a
Merge branch 'maint-0.2.4' into maint-0.2.5
...
Conflicts:
src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac
Update dannenberg's V3 authority identity fingerprint
...
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
Nick Mathewson
400df18688
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-01-07 09:14:05 -08:00
Nick Mathewson
ae223138fb
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-01-07 09:13:54 -08:00
