Merge branch 'maint-0.2.7' into release-0.2.7

2015-10-21 13:35:04 -04:00 · 2015-10-21 13:35:04 -04:00 · cd8a62a60c
parent 3f3a753e36 7b859fd8c5
commit cd8a62a60c
6 changed files with 20 additions and 2 deletions
--- a/changes/bug17364
+++ b/changes/bug17364
@ -0,0 +1,3 @@
+  o Documentation:
+    - Note that HiddenServicePorts can take a unix domain socket.
+      Closes ticket 17364.
--- a/changes/bug17403
+++ b/changes/bug17403
@ -0,0 +1,3 @@
+  o Minor bugfixes (memory leaks):
+    - Fix a memory leak when reading an expired signing key from disk.
+      Fixes bug 17403; bugfix on 0.2.7.2-rc.
--- a/changes/bug17404
+++ b/changes/bug17404
@ -0,0 +1,6 @@
+  o Major bugfixes (security, correctness):
+    - Fix a programming error that could cause us to read 4 bytes before
+      the beginning of an openssl string. This could be used to provoke
+      a crash on systems with an unusual malloc implementation, or
+      systems with unsual hardening installed. Fixes bug 17404; bugfix
+      on 0.2.3.6-alpha.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -2176,8 +2176,8 @@ The following options are used to configure a hidden service.
    option multiple times; each time applies to the service using the most
    recent HiddenServiceDir. By default, this option maps the virtual port to
    the same port on 127.0.0.1 over TCP. You may override the target port,
-    address, or both by specifying a target of addr, port, or addr:port.
-    (You can specify an IPv6 target as [addr]:port.)
+    address, or both by specifying a target of addr, port, addr:port, or
+    **unix:**__path__.  (You can specify an IPv6 target as [addr]:port.)
    You may also have multiple lines with  the same VIRTPORT: when a user
    connects to that VIRTPORT, one of the TARGETs from those lines will be
    chosen at random.
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -2521,6 +2521,10 @@ dn_indicates_v3_cert(X509_NAME *name)
  len = ASN1_STRING_to_UTF8(&s, str);
  if (len < 0)
    return 0;
+  if (len < 4) {
+    OPENSSL_free(s);
+    return 1;
+  }
  r = fast_memneq(s + len - 4, ".net", 4);
  OPENSSL_free(s);
  return r;
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@ -836,6 +836,8 @@ load_ed_keys(const or_options_t *options, time_t now)
                      INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT);
    char *fname =
      options_get_datadir_fname2(options, "keys", "ed25519_signing");
+    ed25519_keypair_free(sign);
+    tor_cert_free(sign_cert);
    sign = ed_key_init_from_file(fname,
                                 flags, LOG_WARN,
                                 sign_signing_key_with_id, now,