mirror repository of the tor core protocol in case of issues
Nick Mathewson a16902b9d4 Always nul-terminate the result passed to evdns_server_add_ptr_reply
In dnsserv_resolved(), we carefully made a nul-terminated copy of the
answer in a PTR RESOLVED cell... then never used that nul-terminated
copy.  Ouch.

Surprisingly this one isn't as huge a security problem as it could be.
The only place where the input to dnsserv_resolved wasn't necessarily
nul-terminated was when it was called indirectly from relay.c with the
contents of a relay cell's payload.  If the end of the payload was
filled with junk, eventdns.c would take the strdup() of the name [This
part is bad; we might crash there if the cell is in a bad part of the
stack or the heap] and get a name of at least length
495[*]. eventdns.c then rejects any name of length over 255, so the
bogus data would be neither transmitted nor altered.

  [*] If the name was less than 495 bytes long, the client wouldn't
     actually be reading off the end of the cell.

Nonetheless this is a reasonably annoying bug.  Better fix it.

Found while looking at bug 2332, reported by doorss.  Bugfix on
0.2.0.1-alpha.
2011-01-15 11:49:25 -05:00
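
The pattern the commit message describes, as an added C example (not code from Tor or eventdns.c): an answer of known length is copied out of a fixed-size payload that carries no terminator, and the terminated copy, not the raw pointer, is handed to a consumer that expects a C string. The names `consume_name`, `handle_ptr_answer` and `demo`, and the sample payload, are hypothetical; only the 255-byte name limit comes from the message.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_LEN 255  /* names longer than this are rejected, per the commit message */

/* Stand-in for a consumer that expects a C string. Like strdup(), strlen()
 * scans to the first NUL byte, so an unterminated input is read past its end.
 * Returns the accepted name length, or -1 if the name is too long. */
static int consume_name(const char *name)
{
    size_t n = strlen(name);
    return n > MAX_NAME_LEN ? -1 : (int)n;
}

/* Hypothetical handler: the answer is answer_len bytes at answer_off inside
 * the payload, with no terminator. Returns what the consumer returns, or -1. */
int handle_ptr_answer(const unsigned char *payload, size_t payload_len,
                      size_t answer_off, size_t answer_len)
{
    char *copy;
    int result;

    /* The claimed span must lie entirely inside the payload. */
    if (answer_off > payload_len || answer_len > payload_len - answer_off)
        return -1;

    copy = malloc(answer_len + 1);
    if (!copy)
        return -1;
    memcpy(copy, payload + answer_off, answer_len);
    copy[answer_len] = '\0';        /* terminate the copy ... */

    result = consume_name(copy);    /* ... and pass the copy, never the raw pointer */
    free(copy);
    return result;
}

/* Constructed sample: an 11-byte name followed by junk, no NUL anywhere. */
int demo(void)
{
    unsigned char payload[64];
    memset(payload, 'J', sizeof(payload));
    memcpy(payload, "example.com", 11);
    return handle_ptr_answer(payload, sizeof(payload), 0, 11);
}
```

Passing `(const char *)payload` to `consume_name` in `demo` instead would scan past the 64-byte buffer, which is the out-of-bounds read the commit message warns about.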
changes Always nul-terminate the result passed to evdns_server_add_ptr_reply 2011-01-15 11:49:25 -05:00
contrib Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
doc stop shipping doc/img and doc/website in the tarball 2010-11-23 00:03:50 -05:00
src Always nul-terminate the result passed to evdns_server_add_ptr_reply 2011-01-15 11:49:25 -05:00
Win32Build r8906@Kushana: nickm | 2006-09-21 21:23:22 -0400 2006-09-22 01:23:28 +00:00
.gitignore Add *.swp to .gitignore as vim's editor dropping. 2009-05-27 12:10:37 -04:00
acinclude.m4 Add --enable-static-(openssl|libevent) options 2010-01-24 14:34:47 -05:00
AUTHORS r16997@catbus: nickm | 2007-12-06 18:56:33 -0500 2007-12-06 23:56:36 +00:00
autogen.sh r14641@catbus: nickm | 2007-08-17 17:53:14 -0400 2007-08-17 21:55:24 +00:00
ChangeLog give us a blurb; add stanza to the releasenotes 2010-03-16 00:44:30 -04:00
configure.in Use -Wno-system-headers on openbsd to resolve 2nd case of bug1848 2010-08-26 19:03:51 +02:00
Doxyfile.in Doxygen whines bitterly unless I let it update the configfile 2007-10-15 19:05:20 +00:00
INSTALL we changed autogen.sh's behavior, so update the INSTALL file 2008-01-23 19:08:53 +00:00
LICENSE Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Makefile.am Note that Tor requires Automake 1.7. Fixes bug 2305 2011-01-03 17:24:16 -05:00
README update the (not very useful) readme 2008-12-07 23:41:10 +00:00
ReleaseNotes put 0.2.1.28 release notes in place too 2010-12-16 19:20:18 -05:00
tor.spec.in update requirements to openssl 0.9.7 2009-06-08 10:30:13 -04:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure; make; make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ