mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
Don't use checked strl{cat,cpy} on OSX.
There is a bug in the overlap-checking in strlcat that can crash Tor servers. Fixes bug 15205; this is an OSX bug, not a Tor bug.
This commit is contained in:
parent
681802817d
commit
24c031b1a2
5
changes/bug15205
Normal file
5
changes/bug15205
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Major bugfixes (crash, OSX, security):
|
||||||
|
- Fix a remote denial-of-service opportunity caused by a bug
|
||||||
|
in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
|
||||||
|
appeared in OSX 10.9.
|
||||||
|
|
@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
|
|||||||
#define strncasecmp _strnicmp
|
#define strncasecmp _strnicmp
|
||||||
#define strcasecmp _stricmp
|
#define strcasecmp _stricmp
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined __APPLE__
|
||||||
|
/* On OSX 10.9 and later, the overlap-checking code for strlcat would
|
||||||
|
* appear to have a severe bug that can sometimes cause aborts in Tor.
|
||||||
|
* Instead, use the non-checking variants. This is sad.
|
||||||
|
*
|
||||||
|
* See https://trac.torproject.org/projects/tor/ticket/15205
|
||||||
|
*/
|
||||||
|
#undef strlcat
|
||||||
|
#undef strlcpy
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef HAVE_STRLCAT
|
#ifndef HAVE_STRLCAT
|
||||||
size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
|
size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user