Merge branch 'maint-0.2.6' into release-0.2.6

author: Nick Mathewson <nickm@torproject.org> 2017-06-27 11:04:44 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-06-27 11:04:44 -0400
commit: 1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f (patch)
tree: b16a9abf469e5da9af55fd82bbaf9ceea272dc58 /changes/bug22737
parent: eb4ca1c16eb7983869bac9b4a0276e535d6f7dbe (diff)
parent: 3de27618e65affe3688a5d92bce96e1e4ed5a82a (diff)
download: tor-1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f.tar.gz
tor-1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug22737 b/changes/bug22737
new file mode 100644
index 0000000000..f0de8e6c41
--- /dev/null
+++ b/changes/bug22737
@@ -0,0 +1,12 @@
+  o Minor bugfixes (defensive programming, undefined behavior):
+
+    - Fix a memset() off the end of an array when packing cells.  This
+      bug should be harmless in practice, since the corrupted bytes
+      are still in the same structure, and are always padding bytes,
+      ignored, or immediately overwritten, depending on compiler
+      behavior. Nevertheless, because the memset()'s purpose is to
+      make sure that any other cell-handling bugs can't expose bytes
+      to the network, we need to fix it. Fixes bug 22737; bugfix on
+      0.2.4.11-alpha. Fixes CID 1401591.
+
+
author	Nick Mathewson <nickm@torproject.org>	2017-06-27 11:04:44 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-06-27 11:04:44 -0400
commit	1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f (patch)
tree	b16a9abf469e5da9af55fd82bbaf9ceea272dc58 /changes/bug22737
parent	eb4ca1c16eb7983869bac9b4a0276e535d6f7dbe (diff)
parent	3de27618e65affe3688a5d92bce96e1e4ed5a82a (diff)
download	tor-1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f.tar.gz tor-1fd9d5ef37943a3c4688b113972bb7f6d44dbb7f.zip