tor/changes
Nick Mathewson 5240afa713 Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result.  But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.

Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.

Fixes bug 24150 and OSS-Fuzz issue 3994.

The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
2017-11-06 12:59:11 -05:00
..
.dummy Add a .dummy file in the changes directory to stop git from removing it 2015-05-11 11:41:48 -04:00
bug20532 Rewrite bridge addresses earlier 2017-10-24 17:35:17 -05:00
bug21509 fuzzing: Make hsdescv3 use the decoding API correctly 2017-10-26 09:52:15 -04:00
bug23653 hs: Add changes file for 23653 2017-10-03 10:56:46 -04:00
bug23670 entrynodes: Add changes file. 2017-10-03 15:48:12 +03:00
bug23678 Fix our "not an HTTP Proxy" message in light of HTTPTunnelPort 2017-10-02 12:53:13 -04:00
bug23693 Make changes in server_mode() affect workers; fix a crash. 2017-10-02 11:11:30 -04:00
bug23739 Improve docs on using gcov 2017-10-03 07:45:36 -05:00
bug23741 Don't move gcov output to root directory 2017-10-02 16:09:28 -05:00
bug23748 note cathugger in changes file for 23748 2017-10-04 09:01:59 -04:00
bug23753 sched: Use SCHED_BUG() macro in scheduler 2017-11-02 10:30:33 -04:00
bug23755 Only run "update" job from scheduled pipelines 2017-10-05 13:37:57 -05:00
bug23757 Match .travis.yml more closely 2017-10-05 22:42:00 -05:00
bug23758 Don't expect permission failure if running as root 2017-10-04 08:42:05 -05:00
bug23762 make 23762 changes file pass check-changes 2017-10-31 12:19:39 -04:00
bug23774 Fix memory leak when freeing socket_table in KIST. 2017-10-17 13:40:31 -04:00
bug23790 hs-v2: Copy needed information between service on prunning 2017-10-25 11:21:28 -04:00
bug23820 Changes file for 23820 2017-11-02 10:19:05 -04:00
bug23862 fix check-changes warning 2017-10-26 09:08:49 -04:00
bug23874 Clear the address when node_get_prim_orport() returns early 2017-10-15 16:48:36 -04:00
bug23952 Have LOG_PROTOCOL_WARN call its own function 2017-10-23 12:22:26 -04:00
bug24002 hs-v3: Check the ed25519 key when picking intro point 2017-10-26 14:54:20 -04:00
bug24025 nodelist: Downgrade warning to protocol warning 2017-11-02 10:33:57 -04:00
bug24082 Initialize the mock options in the fuzzing code 2017-10-30 17:05:26 -04:00
bug24115 man: Specify HiddenServiceNumIntroductionPoints for v3 2017-11-01 13:50:04 -04:00
bug24150 Fix a memory leak on decryption non-failure of v3 hsdesc 2017-11-06 12:59:11 -05:00
feature18329 Updates to fix check-spaces/check-changes warnings 2017-10-24 19:35:16 -04:00
geoip-october2017 add missing subcategory in changes file 2017-10-05 11:04:54 -04:00
hsdescv3_fuzz_more In the hsdescv3 fuzzer, replace the decryption function. 2017-10-27 14:28:02 -04:00
longclaw_23592 Update Longclaw's IP address; fixes 23592. 2017-10-17 14:00:30 -04:00
ticket23910 dirauth: Add bastet to the default authorities 2017-10-23 09:03:36 -04:00
ticket24109 Test that IPv6-only clients can use microdescriptors 2017-11-02 10:25:49 -04:00