mirror repository of the tor core protocol in case of issues
Nick Mathewson cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
changes Avoid illegal read off end of an array in prune_v2_cipher_list 2014-06-10 11:11:47 -04:00
contrib Bump maint-0.2.4 version to 0.2.4.22-dev 2014-05-16 09:16:54 -04:00
doc Fix documentation of torrc search order 2014-04-01 20:56:03 -04:00
m4 Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
src Avoid illegal read off end of an array in prune_v2_cipher_list 2014-06-10 11:11:47 -04:00
.gitignore Add a new automake dropping ("test-driver") to .gitignore 2013-01-16 01:56:35 -05:00
acinclude.m4 Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog rewrite history to improve two changelog entries 2013-10-10 21:17:19 -04:00
configure.ac Bump maint-0.2.4 version to 0.2.4.22-dev 2014-05-16 09:16:54 -04:00
Doxyfile.in Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Makefile.am Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
Makefile.nmake Add clean target and test subdir to makefile.nmake 2013-01-16 22:29:38 -05:00
README we have two faqs for now 2010-02-22 00:41:48 -05:00
ReleaseNotes forward-port the 0.2.3.25 changelog and release notes 2012-11-20 03:46:56 -05:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/faq.html
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ