Fix non-triggerable heap corruption at do_getpass().

George Kadianakis 2016-10-10 12:03:39 -04:00
parent 684500519d
commit e59f0d4cb9
2 changed files with 6 additions and 2 deletions

4
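--- /dev/null
+++ b/changes/bug19223
@@ -0,0 +1,4 @@
+o Minor bugfixes (getpass):
+- Defensively fix a non-triggerable heap corruption at do_getpass() tow
+protect ourselves from mistakes in the future. Fixes bug #19223; bugfix
+on 0.2.7.3-rc. Bug found by Guido Vranken, patch by nherring.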


@ -48,8 +48,8 @@ do_getpass(const char *prompt, char *buf, size_t buflen,
size_t p2len = strlen(prompt) + 1; size_t p2len = strlen(prompt) + 1;
if (p2len < sizeof(msg)) if (p2len < sizeof(msg))
p2len = sizeof(msg); p2len = sizeof(msg);
prompt2 = tor_malloc(strlen(prompt)+1); prompt2 = tor_malloc(p2len);
memset(prompt2, ' ', p2len); memset(prompt2, ' ', p2len - sizeof(msg));
memcpy(prompt2 + p2len - sizeof(msg), msg, sizeof(msg)); memcpy(prompt2 + p2len - sizeof(msg), msg, sizeof(msg));
buf2 = tor_malloc_zero(buflen); buf2 = tor_malloc_zero(buflen);
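Review bot: Both the `memset` length and the `memcpy` destination in the new code rely on `p2len >= sizeof(msg)`, which holds only because of the clamp two lines above the allocation. As `size_t` arithmetic, `p2len - sizeof(msg)` would wrap to a very large length if that clamp were ever edited away. Since the commit's stated purpose is to guard against future mistakes, the invariant should be stated next to its use: `tor_assert(p2len >= sizeof(msg));` before the `tor_malloc(p2len)` line, or at least a comment such as `/* p2len >= sizeof(msg), so the subtractions below cannot wrap */`. The layout also presumes `msg` is a char array, so that `sizeof(msg)` covers the terminating NUL copied into the tail of `prompt2`; its declaration and the rest of `do_getpass()` are outside the hunk.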