tor/bug18162 at 194e31057fbf07d6bdf4b62d26e1a9db334e5f1c - tor - Git with a cup of Datura seeds

nihilist/tor

mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00

Nick Mathewson bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.

2016-01-27 12:32:41 -05:00

8 lines

295 B

Plaintext

Raw Blame History

   o Major bugfixes (security, pointers):
     - Avoid a difficult-to-trigger heap corruption attack when extending
       a smartlist to contain over 16GB of pointers. Fixes bug #18162;
       bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
       incompletely. Reported by Guido Vranken.