author: Nick Mathewson <nickm@torproject.org> 2017-02-13 09:39:46 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-02-14 16:38:47 -0500
commit: c4f2faf3019f2c41f9c3b2b8a73b4fe41e881328 (patch)
tree: ddb5cd77c06a5dda60a8f7683bcd6b2ce506c601 /changes/bug20894
parent: 4a2afd5b33f02ed3e5eb591dd29537fa4f69399f (diff)
Don't atoi off the end of a buffer chunk.
Fixes bug 20894; bugfix on 0.2.0.16-alpha. We already applied a workaround for this as 20834, so no need to freak out (unless you didn't apply 20384 yet).
Diffstat (limited to 'changes/bug20894')
-rw-r--r-- changes/bug20894 8
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug20894 b/changes/bug20894
new file mode 100644
index 0000000000..6443396308
--- /dev/null
+++ b/changes/bug20894
@@ -0,0 +1,8 @@
+ o Major bugfixes (HTTP, parsing):
+ - When parsing a malformed content-length field from an HTTP message,
+ do not read off the end of the buffer. This bug was a potential
+ remote denial-of-service attack against Tor clients and relays.
+ A workaround was released in October 2016, which prevents this
+ bug from crashing Tor. This is a fix for the underlying issue,
+ which should no longer matter (if you applied the earlier patch).
+ Fixes bug 20894; bugfix on 0.2.0.16-alpha.
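Review bot: The sentences "A workaround was released in October 2016" and "(if you applied the earlier patch)" never identify that workaround by ticket number, so someone reading only the changelog cannot tell which fix they need to have applied already. Name the ticket in that sentence. The commit message cites it as both 20834 and 20384, so confirm which number is correct before adding it here.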