Go to file
John Brooks 2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
changes Fix out-of-bounds read in INTRODUCE2 client auth 2015-05-05 15:05:32 -04:00
contrib bump 0.2.5 version to 0.2.5.12 2015-04-06 09:56:37 -04:00
doc Documenting reject6 and accept6 ExitPolicy entries in manpage. 2014-09-02 18:58:00 -04:00
m4 Use pc_from_ucontext.m4 from Google Performance Tools 2013-11-18 10:43:15 -05:00
scripts Bring remaining 0.2.5.5-alpha entries into changelog 2014-06-16 15:00:35 -04:00
src Fix out-of-bounds read in INTRODUCE2 client auth 2015-05-05 15:05:32 -04:00
.gitignore Add cscope generated files to .gitignore. 2014-09-08 15:07:54 -04:00
acinclude.m4 remove a stray " while warning about missing packages on redhat 2014-06-02 02:30:25 -04:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog Give 0.2.5.5-alpha a release date 2014-06-18 14:17:45 -04:00
configure.ac bump 0.2.5 version to 0.2.5.12 2015-04-06 09:56:37 -04:00
Doxyfile.in Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Raw import of Marek Majkowski's cisphash.c 2014-02-12 10:09:45 -05:00
Makefile.am Deal with the aftermath of sorting contrib 2014-04-28 11:59:55 -04:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README Fix some URLs in the README 2014-08-09 15:57:44 -04:00
ReleaseNotes Forward-port 0.2.4.22 changelog 2014-05-16 09:06:48 -04:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING file.