Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.5

changes/bug15064

@@ -0,0 +1,4 @@
+  o Major bugfixes (FreeBSD IPFW transparent proxy):
+    - Fix address detection with FreeBSD transparent proxies,
+      when "TransProxyType ipfw" is in use.
+      Fixes bug 15064; bugfix on 0.2.5.4-alpha.

changes/bug15205

@@ -0,0 +1,5 @@
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug
+      in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
+      appeared in OSX 10.9. 
+      

src/common/compat.h

@@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
 #define strncasecmp _strnicmp
 #define strcasecmp _stricmp
 #endif
+
+#if defined __APPLE__
+/* On OSX 10.9 and later, the overlap-checking code for strlcat would
+ * appear to have a severe bug that can sometimes cause aborts in Tor.
+ * Instead, use the non-checking variants.  This is sad.
+ *
+ * See https://trac.torproject.org/projects/tor/ticket/15205
+ */
+#undef strlcat
+#undef strlcpy
+#endif
+
 #ifndef HAVE_STRLCAT
 size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
 #endif

src/or/connection_edge.c

@@ -1531,7 +1531,8 @@ connection_ap_get_original_destination(entry_connection_t *conn,
   if (options->TransProxyType_parsed == TPT_PF_DIVERT)
     return destination_from_socket(conn, req);
 
-  if (options->TransProxyType_parsed == TPT_DEFAULT)
+  if (options->TransProxyType_parsed == TPT_DEFAULT ||
+      options->TransProxyType_parsed == TPT_IPFW)
     return destination_from_pf(conn, req);
 
   (void)conn;