mirror repository of the tor core protocol in case of issues
Go to file
John Brooks 053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
changes Fix out-of-bounds read in INTRODUCE2 client auth 2017-02-07 08:31:37 -05:00
contrib Bump 0.2.4 version more places 2015-04-06 09:48:53 -04:00
doc fix extra words in man page 2014-08-09 15:40:40 -04:00
m4 Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
src Fix out-of-bounds read in INTRODUCE2 client auth 2017-02-07 08:31:37 -05:00
.gitignore Add a new automake dropping ("test-driver") to .gitignore 2013-01-16 01:56:35 -05:00
acinclude.m4 Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog rewrite history to improve two changelog entries 2013-10-10 21:17:19 -04:00
configure.ac Bump 0.2.4 version 2015-04-06 09:41:59 -04:00
Doxyfile.in Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Makefile.am Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
Makefile.nmake Add clean target and test subdir to makefile.nmake 2013-01-16 22:29:38 -05:00
README we have two faqs for now 2010-02-22 00:41:48 -05:00
ReleaseNotes forward-port the 0.2.3.25 changelog and release notes 2012-11-20 03:46:56 -05:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/faq.html
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ