nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 14:23:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
be2d37ad3c
tor/src
History
Nick Mathewson be2d37ad3c Fix a pointer arithmetic bug in memarea_alloc() 
Fortunately, the arithmetic cannot actually overflow, so long as we
*always* check for the size of potentially hostile input before
copying it.  I think we do, though.  We do check each line against
MAX_LINE_LENGTH, and each object name or object against
MAX_UNPARSED_OBJECT_SIZE, both of which are 128k.  So to get this
overflow, we need to have our memarea allocated way way too high up
in RAM, which most allocators won't actually do.

Bugfix on 0.2.1.1-alpha, where memarea was introduced.

Found by Guido Vranken.
2016-05-25 09:20:37 -04:00
..
common Fix a pointer arithmetic bug in memarea_alloc() 2016-05-25 09:20:37 -04:00
config Merge branch 'maint-0.2.6' into maint-0.2.7 2016-05-09 14:56:56 -04:00
ext Don't enable SSE2 on X86-64. 2015-09-16 14:08:38 +02:00
or unbreak the build (when warnings are enabled) 2016-05-11 13:42:00 -04:00
test Do not link tests against both libor.a and libor-testing.a 2016-04-12 02:48:46 +00:00
tools Remove -F from tor-resolve(1) usage message. 2015-08-30 21:57:24 +03:00
trunnel Update to latest trunnel 2015-08-18 09:47:36 -04:00
win32 bump to 0.2.7.6-dev 2015-12-10 14:24:55 -05:00
include.am Use trunnel for crypto_pwbox encoding/decoding. 2014-09-25 11:58:14 -04:00