diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-08-03 11:23:06 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-08-03 11:23:06 -0400 |
| commit | babf8e2a859f56befa9a9f8da6697a954ce53f7c (patch) | |
| tree | 40f756a3d35f8323808166fbff825df41f82d583 | |
| parent | b50eb14bbf4da25ef43efe91851b239a04383c8e (diff) | |
| parent | 1040afb2425a8056dc41b35e6d825fc329663ee6 (diff) | |
| download | tor-babf8e2a859f56befa9a9f8da6697a954ce53f7c.tar.gz tor-babf8e2a859f56befa9a9f8da6697a954ce53f7c.zip | |
Merge remote-tracking branch 'origin/maint-0.2.3'
| -rw-r--r-- | changes/bug6530 | 5 | ||||
| -rw-r--r-- | src/or/routerparse.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/bug6530 b/changes/bug6530 new file mode 100644 index 0000000000..825bbb752a --- /dev/null +++ b/changes/bug6530 @@ -0,0 +1,5 @@ + o Major security fixes: + - Avoid a read of uninitializd RAM when reading a vote or consensus + document with an unrecognized flavor name. This could lead to a + remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. + diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 4231a17c67..970353a43c 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2853,7 +2853,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, int flavor = networkstatus_parse_flavor_name(tok->args[1]); if (flavor < 0) { log_warn(LD_DIR, "Can't parse document with unknown flavor %s", - escaped(tok->args[2])); + escaped(tok->args[1])); goto err; } ns->flavor = flav = flavor; |