Nick Mathewson
d978216dea
Fix parsing bug with unecognized token at EOS
...
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Karsten Loesing
9db47e7921
Update geoip and geoip6 to the December 7 2016 database.
2016-12-09 10:23:36 +01:00
Karsten Loesing
ea597832e2
Update geoip and geoip6 to the November 3 2016 database.
2016-11-07 15:05:19 +01:00
Karsten Loesing
1b4984f196
Update geoip and geoip6 to the October 6 2016 database.
2016-10-05 16:35:14 +02:00
Karsten Loesing
56f95ba94d
Update geoip and geoip6 to the September 6 2016 database.
2016-09-07 11:08:04 +02:00
Karsten Loesing
1410947351
Update geoip and geoip6 to the August 2 2016 database.
2016-08-12 11:53:38 +02:00
Karsten Loesing
79939c6f11
Update geoip and geoip6 to the July 6 2016 database.
2016-07-18 08:40:22 +02:00
Nick Mathewson
6b8c3d2bc0
whoops. changelog file for 19271.
2016-07-05 13:51:21 -04:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
...
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Karsten Loesing
c14c662758
Update geoip and geoip6 to the June 7 2016 database.
2016-06-12 11:35:50 +02:00
Karsten Loesing
3c2d4611ce
Update geoip and geoip6 to the May 4 2016 database.
2016-05-09 17:51:15 +02:00
Karsten Loesing
97c6e717b9
Update geoip and geoip6 to the April 5 2016 database.
2016-04-07 11:10:09 +02:00
Karsten Loesing
8e2640b15a
Update geoip and geoip6 to the March 3 2016 database.
2016-03-04 10:56:51 +01:00
Nick Mathewson
ad95d64fec
Merge branch 'bug18162_024' into maint-0.2.4
2016-02-11 12:55:25 -05:00
Nick Mathewson
c2fd648469
Make ensure_capacity a bit more pedantically correct
...
Issues noted by cypherpunks on #18162
2016-02-11 12:54:52 -05:00
Karsten Loesing
d5ac79e056
Update geoip and geoip6 to the February 2 2016 database.
2016-02-04 08:53:24 +01:00
Nick Mathewson
bca7083e82
avoid integer overflow in and around smartlist_ensure_capacity.
...
This closes bug 18162; bugfix on a45b131590
, which fixed a related
issue long ago.
In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00
teor (Tim Wilson-Brown)
11f63d26ac
Update dannenberg's V3 authority identity fingerprint
...
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
Karsten Loesing
1496056c12
Update geoip and geoip6 to the January 5 2016 database.
2016-01-07 11:10:37 +01:00
Nick Mathewson
35deb4d442
Merge branch 'bug17772_024' into maint-0.2.4
2015-12-08 10:18:31 -05:00
Arlo Breault
5138f5ca69
Ensure node is a guard candidate when picking a directory guard
2015-12-08 09:49:01 -05:00
Nick Mathewson
b0867fec96
Fix a compilation warning introduced by clang 3.6
...
There was a dead check when we made sure that an array member of a
struct was non-NULL. Tor has been doing this check since at least
0.2.3, maybe earlier.
Fixes bug 17781.
2015-12-08 09:37:05 -05:00
Karsten Loesing
dbb919cf94
Update geoip and geoip6 to the December 1 2015 database.
2015-12-05 17:02:59 +01:00
Karsten Loesing
62b02a1941
Update geoip and geoip6 to the October 9 2015 database.
2015-10-09 15:27:55 +02:00
Karsten Loesing
8b3e0b7729
Update geoip and geoip6 to the September 3 2015 database.
2015-09-24 15:08:15 +02:00
Karsten Loesing
7004d67430
Update geoip and geoip6 to the July 8 2015 database.
2015-07-29 15:49:04 +02:00
Nick Mathewson
fde4199e1c
Merge remote-tracking branch 'karsten/geoip6-jun2015' into maint-0.2.4
2015-06-25 11:42:47 -04:00
Nick Mathewson
cb8c5c023f
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2015-06-25 11:42:31 -04:00
Karsten Loesing
08e14e1448
Update geoip6 to the June 3 2015 database.
2015-06-09 16:28:48 +02:00
Karsten Loesing
e5907e94c2
Update geoip to the June 3 2015 database.
2015-06-09 16:26:10 +02:00
Nick Mathewson
efae1bcef6
Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4
2015-04-27 14:15:58 -04:00
Nick Mathewson
609cdec112
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2015-04-27 14:15:44 -04:00
Karsten Loesing
b5f6495876
Update geoip6 to the April 8 2015 database.
2015-04-24 17:51:36 +02:00
Karsten Loesing
bcc0a48cfe
Update geoip to the April 8 2015 database.
2015-04-24 17:49:45 +02:00
Nick Mathewson
542100d3ca
Bump 0.2.4 version more places
2015-04-06 09:48:53 -04:00
Nick Mathewson
442d577af5
Bump 0.2.4 version
2015-04-06 09:41:59 -04:00
Nick Mathewson
7451b4cafe
Changes file for bug15601
2015-04-06 09:24:16 -04:00
Yawning Angel
dc3cb00080
Handle empty/zero length encoded intro points more gracefully.
...
In theory these should never the triggered as the only caller now
validates the parameters before this routine gets called.
2015-04-06 09:21:43 -04:00
Yawning Angel
7b5f558da4
Treat empty introduction points sections as missing.
...
Found by DonnchaC.
2015-04-06 09:20:46 -04:00
Yawning Angel
49ddd92c11
Validate the RSA key size received when parsing INTRODUCE2 cells.
...
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
Nick Mathewson
01e4bc80cd
Merge branch 'bug15515_024' into maint-0.2.4
2015-04-03 09:36:59 -04:00
George Kadianakis
bcb839387e
... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
...
(Sending a nak would be pointless.)
See ticket 15515 for discussion.
2015-04-03 09:36:05 -04:00
George Kadianakis
8dba8a088d
Block multiple introductions on the same intro circuit.
2015-04-03 09:35:47 -04:00
Nick Mathewson
5f46a59ba3
Bump 0.2.4 version.
2015-03-12 10:50:15 -04:00
Nick Mathewson
220e9be095
Merge remote-tracking branch 'karsten/geoip6-mar2015' into maint-0.2.4
2015-03-09 16:24:07 -04:00
Nick Mathewson
5588e677bd
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2015-03-09 16:23:55 -04:00
Karsten Loesing
62714068d9
Update geoip6 to the March 3 2015 database.
2015-03-09 21:11:52 +01:00
Karsten Loesing
beda8d2934
Update geoip to the March 3 2015 database.
2015-03-09 21:09:44 +01:00
Nick Mathewson
6704e18dd2
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2015-03-09 11:08:57 -04:00
Nick Mathewson
addffcc14d
Adjust changes header
2015-03-09 11:07:50 -04:00