mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
c56bb30044
We were checking whether an 8-bit length field had overflowed a 503-byte buffer. Unless somebody has found a way to store "504" in a single byte, it seems unlikely. Fix for 10313 and 9980. Based on a patch by Jared L Wong. First found by David Fifield with STACK.
9 lines
346 B
Plaintext
  o Minor bugfixes:
    - Fixed an erroneous pointer comparison that would have allowed
      compilers to remove a bounds check in channeltls.c. The fix
      was to remove the check entirely, since it was impossible for
      the code to overflow the bounds. Noticed by Jared L
      Wong. Fixes bug 10313 and 9980. Bugfix on 0.2.0.10-alpha.
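The class of bug described above, as an added illustration that is not Tor's code: a bounds check written as a pointer comparison beside the integer form that a compiler cannot discard. Only the 503-byte buffer and the 8-bit length come from the commit message; the field layout and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define PAYLOAD_LEN 503 /* buffer size named in the commit message */

/* Fragile: when the field really would overrun, cp + len points past the
 * end of the array. Forming that pointer is undefined behaviour, so the
 * compiler may assume it never happens and drop the comparison. */
int field_fits_fragile(const uint8_t *cp, const uint8_t *end, uint8_t len)
{
    return !(cp + len > end);
}

/* Robust: compare integers and never construct an out-of-range pointer.
 * Requires cp <= end, both inside (or one past) the same array. */
int field_fits(const uint8_t *cp, const uint8_t *end, uint8_t len)
{
    return (size_t)len <= (size_t)(end - cp);
}

/* Largest data offset at which an 8-bit length can never overrun the
 * buffer; at or below it the bounds check is unreachable. */
size_t max_safe_data_offset(void)
{
    return PAYLOAD_LEN - UINT8_MAX;
}

/* Parse a [1-byte length][data] field at offset off (hypothetical layout).
 * Returns the data length, or -1 if the field does not fit. */
int parse_field(const uint8_t *buf, size_t off, const uint8_t **data)
{
    const uint8_t *end = buf + PAYLOAD_LEN;
    if (off >= PAYLOAD_LEN)
        return -1;              /* no room for the length byte itself */
    const uint8_t *cp = buf + off;
    uint8_t len = *cp++;
    if (!field_fits(cp, end, len))
        return -1;
    *data = cp;
    return len;
}

int main(void)
{
    uint8_t buf[PAYLOAD_LEN] = {0}; /* constructed sample input */
    const uint8_t *data = NULL;
    buf[300] = 255;                 /* data would end at 556, past 503 */
    return parse_field(buf, 300, &data) == -1 ? 0 : 1;
}
```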