nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
c4f2faf301
tor/changes/bug20894
Nick Mathewson c4f2faf301 Don't atoi off the end of a buffer chunk. 
Fixes bug 20894; bugfix on 0.2.0.16-alpha.

We already applied a workaround for this as 20834, so no need to
freak out (unless you didn't apply 20384 yet).
2017-02-14 16:38:47 -05:00

9 lines
510 B
Plaintext
Raw Blame History

o Major bugfixes (HTTP, parsing):
- When parsing a malformed content-length field from an HTTP message,
do not read off the end of the buffer. This bug was a potential
remote denial-of-service attack against Tor clients and relays.
A workaround was released in October 2016, which prevents this
bug from crashing Tor. This is a fix for the underlying issue,
which should no longer matter (if you applied the earlier patch).
Fixes bug 20894; bugfix on 0.2.0.16-alpha.
Reference in New Issue View Git Blame Copy Permalink