tor/changes
Nick Mathewson be2d37ad3c Fix a pointer arithmetic bug in memarea_alloc()
Fortunately, the arithmetic cannot actually overflow, so long as we
*always* check for the size of potentially hostile input before
copying it.  I think we do, though.  We do check each line against
MAX_LINE_LENGTH, and each object name or object against
MAX_UNPARSED_OBJECT_SIZE, both of which are 128k.  So to get this
overflow, we need to have our memarea allocated way way too high up
in RAM, which most allocators won't actually do.

Bugfix on 0.2.1.1-alpha, where memarea was introduced.

Found by Guido Vranken.
2016-05-25 09:20:37 -04:00
.dummy Add a .dummy file in the changes directory to stop git from removing it 2015-05-11 11:41:48 -04:00
bug14821 a couple more changes files issues. 2016-03-21 11:00:50 -04:00
bug15221 Permit setrlimit, prlimit, prlimit64 calls. 2016-03-14 13:21:16 -04:00
bug15609 Socks->SOCKS in torrcs. Fixes 15609 2015-09-29 10:20:31 +02:00
bug16056 Format IPv6 policies correctly. 2015-12-08 08:44:58 -05:00
bug16248 Change behavior on missing/present event to warn instead of asserting. 2016-03-11 10:50:36 -05:00
bug16702 Fix: use the right list in find_expiring_intro_point() 2015-11-23 09:02:54 -05:00
bug17151 Add changes file for bug17151 2015-09-29 10:08:02 +02:00
bug17154 Changes file for bug17154 2015-09-29 10:10:52 +02:00
bug17173-socket-hack-rv tweak some changes files 2015-10-19 11:12:43 -04:00
bug17237_027 tweak some changes files 2015-10-19 11:12:43 -04:00
bug17251 Fix 17251: avoid integer overflow in test_crypto_slow 2015-10-06 08:58:03 -04:00
bug17347 Fix compilation of sandbox.[ch] under musl-libc 2015-10-15 10:37:41 -04:00
bug17354 Add hidserv-stats filename to our sandbox filter 2015-10-15 13:42:34 -04:00
bug17364 Note that you can use a unix domain socket for hsport 2015-10-21 12:22:05 -04:00
bug17398 Fix a memory leak; bug 17398. 2015-10-21 08:17:07 -04:00
bug17401 Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
bug17402 Fix memory leak in rend_cache_failure_entry_free() 2015-10-21 10:52:57 -04:00
bug17403 Fix a memory leak in reading an expired ed signing key. 2015-10-21 11:16:28 -04:00
bug17404 Check for len < 4 in dn_indicates_v3_cert 2015-10-21 11:44:43 -04:00
bug17551 Include netinet/in.h (if detected) in check for net/pfvar.h 2015-11-25 09:27:52 -05:00
bug17583 Add descriptions for --keygen to the manpage 2016-01-28 10:19:29 -05:00
bug17668 Fix another case of 17668: Add NoEdConsensus 2016-03-21 13:24:09 -04:00
bug17675 Add some more ed25519 key files to the seccomp sandbox list 2015-12-17 14:56:24 -05:00
bug17702 Enable ed25519 collator in voting. 2016-02-22 10:07:42 -05:00
bug17722 Add changes file for 17722 2015-11-30 22:02:50 -05:00
bug17772 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
bug17781 Fix a compilation warning introduced by clang 3.6 2015-12-08 09:37:05 -05:00
bug17818 Add changes file for 17818 2015-12-14 13:11:20 -05:00
bug17819 Don't call pthread_condattr_setclock() unless it exists 2015-12-16 09:23:44 -05:00
bug17827 Fix backtrace compilation on FreeBSD 2015-12-15 11:52:00 -05:00
bug17906 a couple more changes files issues. 2016-03-21 11:00:50 -04:00
bug17923 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18050 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18089 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18162 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18318_ed Never vote for an ed key twice. 2016-03-21 13:23:32 -04:00
bug18368 Fix log message subjects in networkstatus_parse_vote_from_string() 2016-03-21 13:23:32 -04:00
bug18570 changes file for bug18570 2016-03-21 10:19:07 -04:00
bug18841.1 Undefine _FORTIFY_SOURCE before defining it. 2016-05-11 12:15:37 -04:00
bug18977 Have correct_tm set tm_wday as well. 2016-05-12 14:37:27 -04:00
bug19008 Add "-c 1" to ping6 in test-network-all 2016-05-09 18:12:59 -04:00
bug19032 Fix out-of-bounds write during voting with duplicate ed25519 keys 2016-05-11 13:11:03 -04:00
build18490 Do not link tests against both libor.a and libor-testing.a 2016-04-12 02:48:46 +00:00
geoip-april2016 Update geoip and geoip6 to the April 5 2016 database. 2016-04-07 11:10:09 +02:00
geoip-december2015 Update geoip and geoip6 to the December 1 2015 database. 2015-12-05 17:02:59 +01:00
geoip-february2016 Update geoip and geoip6 to the February 2 2016 database. 2016-02-04 08:53:24 +01:00
geoip-january2016 Update geoip and geoip6 to the January 5 2016 database. 2016-01-07 11:10:37 +01:00
geoip-march2016 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
geoip-may2016 Update geoip and geoip6 to the May 4 2016 database. 2016-05-09 17:51:15 +02:00
geoip-october2015 Update geoip and geoip6 to the October 9 2015 database. 2015-10-09 15:27:55 +02:00
ifaddrs-tests-network-configs tweak some changes files 2015-10-19 11:12:43 -04:00
memarea_overflow Fix a pointer arithmetic bug in memarea_alloc() 2016-05-25 09:20:37 -04:00