mirror repository of the tor core protocol in case of issues
Go to file
Tobias Stoeckmann 74b2bc43fb Protect buffers against INT_MAX datalen overflows.
Many buffer functions have a hard limit of INT_MAX for datalen, but
this limitation is not enforced in all functions:

- buf_move_all may exceed that limit with too many chunks
- buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
- buf_new_with_data may exceed that limit (unit tests only)

This patch adds some annotations in some buf_pos_t functions to
guarantee that no out of boundary access could occur even if another
function lacks safe guards against datalen overflows.

  [This is a backport of the submitted patch to 0.2.9, where the
  buf_move_to_buf and buf_new_with_data functions did not exist.]
2019-04-09 11:59:20 -04:00
changes Merge remote-tracking branch 'tor-github/pr/902' into maint-0.2.9 2019-04-06 09:28:58 +10:00
contrib Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
doc man: Document default values if not in the consensus for DoS mitigation 2018-02-13 14:21:47 -05:00
m4 Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS 2016-06-17 10:17:44 -04:00
scripts Finally remove our EOL@EOF check. 2018-06-29 23:11:02 -04:00
src Protect buffers against INT_MAX datalen overflows. 2019-04-09 11:59:20 -04:00
.editorconfig Add .editorconfig to follow coding standards style 2018-06-17 19:24:40 -04:00
.gitignore Add TAGS to gitignore. 2016-10-03 14:08:50 -04:00
.travis.yml Makefile: delete all the gcov-related files in reset-gcov 2019-04-01 14:06:52 +10:00
acinclude.m4 Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog Bump master to 0.2.9.4-alpha-dev 2016-10-17 16:31:40 -04:00
configure.ac Always declare groups when building with openssl 1.1.1 APIs 2018-11-09 10:10:25 -05:00
Doxyfile.in Use output variables instead of relative paths. 2015-03-14 13:00:04 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Add __mulodi4 source to src/ext 2016-05-18 09:44:01 -04:00
Makefile.am Makefile: actually, don't delete the gcno files 2019-04-05 12:56:29 +10:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README Move hacking documentation into a new subdirectory. 2015-10-09 10:40:53 -04:00
ReleaseNotes release-notes for 0.2.8.9 2016-10-17 15:00:58 -04:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.