tor/changes
John Brooks bf3e32a452 Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.

This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.

Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
..
.dummy Add a .dummy file in the changes directory to stop git from removing it 2015-05-11 11:41:48 -04:00
bug14821 a couple more changes files issues. 2016-03-21 11:00:50 -04:00
bug15221 Permit setrlimit, prlimit, prlimit64 calls. 2016-03-14 13:21:16 -04:00
bug15609 Socks->SOCKS in torrcs. Fixes 15609 2015-09-29 10:20:31 +02:00
bug16056 Format IPv6 policies correctly. 2015-12-08 08:44:58 -05:00
bug16248 Change behavior on missing/present event to warn instead of asserting. 2016-03-11 10:50:36 -05:00
bug16702 Fix: use the right list in find_expiring_intro_point() 2015-11-23 09:02:54 -05:00
bug17151 Add changes file for bug17151 2015-09-29 10:08:02 +02:00
bug17154 Changes file for bug17154 2015-09-29 10:10:52 +02:00
bug17173-socket-hack-rv tweak some changes files 2015-10-19 11:12:43 -04:00
bug17237_027 tweak some changes files 2015-10-19 11:12:43 -04:00
bug17251 Fix 17251: avoid integer overflow in test_crypto_slow 2015-10-06 08:58:03 -04:00
bug17347 Fix compilation of sandbox.[ch] under musl-libc 2015-10-15 10:37:41 -04:00
bug17354 Add hidserv-stats filname to our sandbox filter 2015-10-15 13:42:34 -04:00
bug17364 Note that you can use a unix domain socket for hsport 2015-10-21 12:22:05 -04:00
bug17398 Fix a memory leak; bug 17398. 2015-10-21 08:17:07 -04:00
bug17401 Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
bug17402 Fix memory leak in rend_cache_failure_entry_free() 2015-10-21 10:52:57 -04:00
bug17403 Fix a memory leak in reading an expired ed signing key. 2015-10-21 11:16:28 -04:00
bug17404 Check for len < 4 in dn_indicates_v3_cert 2015-10-21 11:44:43 -04:00
bug17551 Include netinet/in.h (if detected) in check for net/pfvar.h 2015-11-25 09:27:52 -05:00
bug17583 Add descriptions for --keygen to the manpage 2016-01-28 10:19:29 -05:00
bug17668 Fix another case of 17668: Add NoEdConsensus 2016-03-21 13:24:09 -04:00
bug17675 Add some more ed25519 key files to the seccomp sandbox list 2015-12-17 14:56:24 -05:00
bug17702 Enable ed25519 collator in voting. 2016-02-22 10:07:42 -05:00
bug17722 Add changes file for 17722 2015-11-30 22:02:50 -05:00
bug17772 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
bug17781 Fix a compilation warning introduced by clang 3.6 2015-12-08 09:37:05 -05:00
bug17818 Add changes file for 17818 2015-12-14 13:11:20 -05:00
bug17819 Don't call pthread_condattr_setclock() unless it exists 2015-12-16 09:23:44 -05:00
bug17827 Fix backtrace compilation on FreeBSD 2015-12-15 11:52:00 -05:00
bug17906 a couple more changes files issues. 2016-03-21 11:00:50 -04:00
bug17923 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18050 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18089 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18162 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
bug18318_ed Never vote for an ed key twice. 2016-03-21 13:23:32 -04:00
bug18368 Fix log message subjects in networkstatus_parse_vote_from_string() 2016-03-21 13:23:32 -04:00
bug18570 changes file for bug18570 2016-03-21 10:19:07 -04:00
bug19008 Add "-c 1" to ping6 in test-network-all 2016-05-09 18:12:59 -04:00
bug19032 Fix out-of-bounds write during voting with duplicate ed25519 keys 2016-05-11 13:11:03 -04:00
build18490 Do not link tests against both libor.a and libor-testing.a 2016-04-12 02:48:46 +00:00
geoip-april2016 Update geoip and geoip6 to the April 5 2016 database. 2016-04-07 11:10:09 +02:00
geoip-december2015 Update geoip and geoip6 to the December 1 2015 database. 2015-12-05 17:02:59 +01:00
geoip-february2016 Update geoip and geoip6 to the February 2 2016 database. 2016-02-04 08:53:24 +01:00
geoip-january2016 Update geoip and geoip6 to the January 5 2016 database. 2016-01-07 11:10:37 +01:00
geoip-march2016 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
geoip-may2016 Update geoip and geoip6 to the May 4 2016 database. 2016-05-09 17:51:15 +02:00
geoip-october2015 Update geoip and geoip6 to the October 9 2015 database. 2015-10-09 15:27:55 +02:00
ifaddrs-tests-network-configs tweak some changes files 2015-10-19 11:12:43 -04:00