mirror repository of the tor core protocol in case of issues
Alexander Færøy b46984e97e Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS.
This patch fixes an out-of-bound memory read in
`tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
instead of OpenSSL.

The NSS library stores some length fields in bits instead of bytes, but
the comparison function found in `SECITEM_ItemsAreEqual()` needs the
length to be encoded in bytes. This means that for a 140-byte,
DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
bytes instead of 140 (140 bytes * 8 bits = 1120 bits).

This patch fixes the issue by converting from bits to bytes before
calling `SECITEM_ItemsAreEqual()` and converting the `len`-fields back to
bits before we leave the function.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
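
The bits-versus-bytes mismatch described in the commit message above, as an added example that is not Tor's or NSS's own code. `item_t`, `items_equal()`, `bit_items_match()` and `demo_compare()` are hypothetical stand-ins, the buffers are constructed sample data, and rejecting bit lengths that are not a multiple of 8 is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>
#define SPKI_BYTES 140u  /* struct size quoted in the commit message */

/* Hypothetical stand-in for an NSS-style item: buffer plus length field. */
typedef struct { unsigned char *data; unsigned int len; } item_t;

/* Byte-wise equality that trusts len to be a byte count. Handing it a bit
 * count of 1120 for a 140-byte buffer would make memcmp() read 980 bytes
 * past the end of the allocation. */
static int items_equal(const item_t *a, const item_t *b)
{
  return a->len == b->len &&
         (a->len == 0 || memcmp(a->data, b->data, a->len) == 0);
}

/* Compare two items whose len is stored in bits: convert to bytes,
 * compare, then restore the bit lengths before returning. */
int bit_items_match(item_t *a, item_t *b)
{
  const unsigned int a_bits = a->len, b_bits = b->len;
  int rv;
  /* Assumption of this example: reject lengths that are not whole bytes. */
  if (a_bits % 8 != 0 || b_bits % 8 != 0)
    return 0;
  a->len = a_bits / 8;
  b->len = b_bits / 8;
  rv = items_equal(a, b);
  a->len = a_bits;   /* callers still expect the field in bits */
  b->len = b_bits;
  return rv;
}

/* Constructed sample: two 140-byte buffers with len stored as 1120 bits.
 * Returns the match result, or -1 if a bit length was not restored. */
int demo_compare(int flip_last_byte)
{
  unsigned char x[SPKI_BYTES], y[SPKI_BYTES];
  item_t a = { x, SPKI_BYTES * 8 }, b = { y, SPKI_BYTES * 8 };
  memset(x, 0x30, sizeof x);
  memset(y, 0x30, sizeof y);
  y[SPKI_BYTES - 1] ^= (unsigned char)(flip_last_byte != 0);
  int rv = bit_items_match(&a, &b);
  return (a.len == 1120 && b.len == 1120) ? rv : -1;
}

int main(void)
{
  printf("equal: %d, differs: %d\n", demo_compare(0), demo_compare(1));
  return 0;
}
```
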
| File | Last commit | Date |
|---|---|---|
| changes | Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS. | 2020-07-06 16:19:16 -04:00 |
| contrib | Bump version to 0.3.5.10-dev | 2020-03-18 12:15:32 -04:00 |
| doc | Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.3.5 | 2019-08-12 09:49:53 +10:00 |
| m4 | Replace obsolete macros with modern equivalents | 2016-12-23 10:34:11 -05:00 |
| scripts | Fix coverage script. | 2019-02-08 10:43:38 -05:00 |
| src | Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS. | 2020-07-06 16:19:16 -04:00 |
| .appveyor.yml | Update and upgrade Pacman before installing dependencies in AppVeyor. | 2020-06-05 12:37:08 -04:00 |
| .editorconfig | Add .editorconfig to follow coding standards style | 2018-06-17 19:24:40 -04:00 |
| .gitignore | Try @warning_flags to avoid bloating verbose make logs | 2018-12-21 10:00:23 -05:00 |
| .gitlab-ci.yml | Fix spelling mistakes corresponding to ticket #23650 | 2018-02-07 10:41:57 -05:00 |
| .gitmodules | Update the .gitmodules to refer to project-level tor-rust-dependencies | 2018-02-21 11:53:04 -05:00 |
| .travis.yml | Revert "Travis: temporarily fix stem version to d1174a83c2dcb7b8" | 2020-06-03 14:48:05 -04:00 |
| acinclude.m4 | Bump copyright date to 2019. | 2019-01-16 12:32:32 -05:00 |
| autogen.sh | Report errors when updating configuration files | 2016-12-23 10:35:26 -05:00 |
| ChangeLog | Copy changelog to maint-0.3.5 so master will get it. | 2018-11-08 09:02:03 -05:00 |
| CODE_OF_CONDUCT | Add CODE_OF_CONDUCT file | 2018-07-05 11:22:33 +03:00 |
| config.rust.in | Make the rust tests link. | 2018-07-31 19:46:00 -04:00 |
| configure.ac | Fix use of non-portable == in configure.ac. | 2020-05-15 09:58:49 -04:00 |
| CONTRIBUTING | Add CODE_OF_CONDUCT file | 2018-07-05 11:22:33 +03:00 |
| Doxyfile.in | Fix Doxyfile for 0.3.5 source tree moves | 2018-11-14 07:45:55 -05:00 |
| INSTALL | Remove old instructions from INSTALL | 2018-07-03 16:34:52 +03:00 |
| LICENSE | Bump copyright date to 2019. | 2019-01-16 12:32:32 -05:00 |
| Makefile.am | test: Change "make test-stem" so it only runs the stem tests that use tor | 2019-08-29 21:56:16 +10:00 |
| Makefile.nmake | Clean up the MVSC nmake files so they work again. | 2014-09-09 10:27:05 -04:00 |
| README | doc: Put the release timeline link in README | 2017-11-08 10:44:00 -05:00 |
| ReleaseNotes | forward-port 0.3.4.9 changelog and releasenotes | 2018-11-02 11:28:57 -04:00 |
| warning_flags.in | Try @warning_flags to avoid bloating verbose make logs | 2018-12-21 10:00:23 -05:00 |

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.

Release timeline:
        https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases