tor/bug17404 at ec5fe41209add4b216029466774a6b7e833210ef - tor - Git with a cup of Datura seeds

nihilist/tor

mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00

Nick Mathewson 35bf07b8d6 Check for len < 4 in dn_indicates_v3_cert

Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.

Fixes 17404; bugfix on 0.2.6.3-alpha.

2015-10-21 11:44:43 -04:00

7 lines

351 B

Plaintext

Raw Blame History

   o Major bugfixes (security, correctness):
     - Fix a programming error that could cause us to read 4 bytes before
       the beginning of an openssl string. This could be used to provoke
       a crash on systems with an unusual malloc implementation, or
       systems with unsual hardening installed. Fixes bug 17404; bugfix
       on 0.2.3.6-alpha.