Merge branch 'maint-0.2.1' into release-0.2.1

changes/bug4410

@@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - Correctly sanity-check that we don't underflow on a memory allocation
+      for introduction point decryption. Bug discovered by Dan Rosenberg.
+      Fixes bug 4410; bugfix on 0.2.1.5-alpha.
+

changes/geoip-december2011

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the December 6 2011 Maxmind GeoLite Country database.
+

changes/geoip-november2011

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the November 1 2011 Maxmind GeoLite Country database.
+

src/or/routerparse.c

@@ -3858,6 +3858,11 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
     crypto_cipher_env_t *cipher;
     char *dec;
     int declen;
+    if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
+      log_warn(LD_REND, "Size of encrypted introduction points is too "
+                        "small.");
+      return -1;
+    }
     dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1);
     cipher = crypto_create_init_cipher(descriptor_cookie, 0);
     declen = crypto_cipher_decrypt_with_iv(cipher, dec,