tor/changes/bug21018

  o Major bugfixes (parsing, security):

    - Fix a bug in parsing that could cause clients to read a single
      byte past the end of an allocated region. This bug could be
      used to cause hardened clients (built with
      --enable-expensive-hardening) to crash if they tried to visit
      a hostile hidden service.  Non-hardened clients are only
      affected depending on the details of their platform's memory
      allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
      using libFuzzer. Also tracked as TROVE-2016-12-002 and as
      CVE-2016-1254.
Fix parsing bug with unecognized token at EOS In get_token(), we could read one byte past the end of the region. This is only a big problem in the case where the region itself is (a) potentially hostile, and (b) not explicitly nul-terminated. This patch fixes the underlying bug, and also makes sure that the one remaining case of not-NUL-terminated potentially hostile data gets NUL-terminated. Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254 2016-12-19 02:13:58 +01:00			`o Major bugfixes (parsing, security):`

			`- Fix a bug in parsing that could cause clients to read a single`
			`byte past the end of an allocated region. This bug could be`
			`used to cause hardened clients (built with`
			`--enable-expensive-hardening) to crash if they tried to visit`
			`a hostile hidden service. Non-hardened clients are only`
			`affected depending on the details of their platform's memory`
			`allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by`
			`using libFuzzer. Also tracked as TROVE-2016-12-002 and as`
			`CVE-2016-1254.`