mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-19 18:00:33 +01:00
Code Issues Projects Releases Wiki Activity
23,915 Commits 53 Branches 630 Tags 133 MiB
C 94.4%
Python 1.5%
C++ 1.1%
Shell 1.1%
M4 0.9%
Other 0.8%
0fa95308fe
Go to file
Tobias Stoeckmann 0fa95308fe Check return value of buf_move_to_buf for error. 
If the concatenation of connection buffer and the buffer of linked
connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
error value.

This value is currently casted to size_t (variable n_read) and will
erroneously lead to an increasement of variable "max_to_read".

This in turn can be used to call connection_buf_read_from_socket to
store more data inside the buffer than expected and clogging the
connection buffer.

If the linked connection buffer was able to overflow INT_MAX, the call
of buf_move_to_buf would have previously internally triggered an integer
overflow, corrupting the state of the connection buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:00:14 -04:00
changes Merge remote-tracking branch 'tor-github/pr/902' into maint-0.2.9 2019-04-06 09:28:58 +10:00
contrib Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
doc man: Document default values if not in the consensus for DoS mitigation 2018-02-13 14:21:47 -05:00
m4 Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS 2016-06-17 10:17:44 -04:00
scripts Finally remove our EOL@EOF check. 2018-06-29 23:11:02 -04:00
src Check return value of buf_move_to_buf for error. 2019-04-09 12:00:14 -04:00
.editorconfig Add .editorconfig to follow coding standards style 2018-06-17 19:24:40 -04:00
.gitignore Add TAGS to gitignore. 2016-10-03 14:08:50 -04:00
.travis.yml Makefile: delete all the gcov-related files in reset-gcov 2019-04-01 14:06:52 +10:00
acinclude.m4 Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog Bump master to 0.2.9.4-alpha-dev 2016-10-17 16:31:40 -04:00
configure.ac Always declare groups when building with openssl 1.1.1 APIs 2018-11-09 10:10:25 -05:00
Doxyfile.in Use output variables instead of relative paths. 2015-03-14 13:00:04 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Add __mulodi4 source to src/ext 2016-05-18 09:44:01 -04:00
Makefile.am Makefile: actually, don't delete the gcno files 2019-04-05 12:56:29 +10:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README Move hacking documentation into a new subdirectory. 2015-10-09 10:40:53 -04:00
ReleaseNotes release-notes for 0.2.8.9 2016-10-17 15:00:58 -04:00

README 

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.