tor/bug18162 at f6420bceec9707324fe23c98a2a70dd2612f183f - tor - Git with a cup of Datura seeds

nihilist/tor

mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 21:16:22 +02:00

Nick Mathewson bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.

2016-01-27 12:32:41 -05:00

8 lines

295 B

Plaintext

Raw Blame History

   o Major bugfixes (security, pointers):
     - Avoid a difficult-to-trigger heap corruption attack when extending
       a smartlist to contain over 16GB of pointers. Fixes bug #18162;
       bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
       incompletely. Reported by Guido Vranken.