Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3

author: Nick Mathewson <nickm@torproject.org> 2012-08-03 11:18:40 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-08-03 11:18:40 -0400
commit: 1040afb2425a8056dc41b35e6d825fc329663ee6 (patch)
tree: 7cf79ff1da912282b0f8920a825d9258b7feae13
parent: 122c8efb09643a65cbec6c991f3433774a4524ae (diff)
parent: 55f635745afacefffdaafc72cc176ca7ab817546 (diff)
download: tor-1040afb2425a8056dc41b35e6d825fc329663ee6.tar.gz
tor-1040afb2425a8056dc41b35e6d825fc329663ee6.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/bug6530 b/changes/bug6530
new file mode 100644
index 0000000000..825bbb752a
--- /dev/null
+++ b/changes/bug6530
@@ -0,0 +1,5 @@
+  o Major security fixes:
+    - Avoid a read of uninitializd RAM when reading a vote or consensus
+      document with an unrecognized flavor name. This could lead to a
+      remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+      
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 4231a17c67..970353a43c 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2853,7 +2853,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     int flavor = networkstatus_parse_flavor_name(tok->args[1]);
     if (flavor < 0) {
       log_warn(LD_DIR, "Can't parse document with unknown flavor %s",
-               escaped(tok->args[2]));
+               escaped(tok->args[1]));
       goto err;
     }
     ns->flavor = flav = flavor;
author	Nick Mathewson <nickm@torproject.org>	2012-08-03 11:18:40 -0400
committer	Nick Mathewson <nickm@torproject.org>	2012-08-03 11:18:40 -0400
commit	1040afb2425a8056dc41b35e6d825fc329663ee6 (patch)
tree	7cf79ff1da912282b0f8920a825d9258b7feae13
parent	122c8efb09643a65cbec6c991f3433774a4524ae (diff)
parent	55f635745afacefffdaafc72cc176ca7ab817546 (diff)
download	tor-1040afb2425a8056dc41b35e6d825fc329663ee6.tar.gz tor-1040afb2425a8056dc41b35e6d825fc329663ee6.zip