nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

explain that bug 5090 allows a post-auth heap overflow

Browse Source 
resolves bug 5402.
This commit is contained in:
Roger Dingledine 2012-03-25 23:09:23 -04:00
parent fe2b177cfb
commit bca8bf62c6
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -43,8 +43,11 @@ Changes in version 0.2.3.13-alpha - 2012-03-1?
- Detect and reject certain misformed escape sequences in
configuration values. Previously, these values would cause us
to crash if received in a torrc file or over an (authenticated)
control port. Bug found by Esteban Manchado Velázquez. Patch by
"flupzor". Fixes bug 5090; bugfix on 0.2.0.16-alpha.
control port. Bug found by Esteban Manchado Velázquez, and
independently by Robert Connolly from Matta Consulting who further
noted that it allows a post-authentication heap overflow. Patch
by "flupzor". Fixes bugs 5090 and 5402 (CVE 2012-1668); bugfix
on 0.2.0.16-alpha.
- Ensure that variables set in Tor's environment cannot override
environment variables which Tor tries to pass to a managed
pluggable-transport proxy. Previously, Tor would pass every