Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2

Conflicts: src/or/config.c src/or/networkstatus.c src/or/rendcommon.c src/or/routerparse.c src/or/test.c
author: Nick Mathewson <nickm@torproject.org> 2011-01-15 12:02:55 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-01-15 12:02:55 -0500
commit: ed87738ede789fb9eccfd2e5a34bd8c484dfe44e (patch)
tree: 27eb5efade75d368692a80d258615415deb8a7dc /changes/tolen_asserts
parent: b27f5cc50d4a66bff31e43a596eb296a1b5a11dc (diff)
parent: 50b06a2b76190170e9f80739f022696755b54b99 (diff)
download: tor-ed87738ede789fb9eccfd2e5a34bd8c484dfe44e.tar.gz
tor-ed87738ede789fb9eccfd2e5a34bd8c484dfe44e.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/tolen_asserts b/changes/tolen_asserts
new file mode 100644
index 0000000000..a9834ab669
--- /dev/null
+++ b/changes/tolen_asserts
@@ -0,0 +1,8 @@
+  o Major bugfixes (security)
+    - Fix a heap overflow bug where an adversary could cause heap
+      corruption.  This bug potentially allows remote code execution
+      attacks.  Found by debuger.  Fixes CVE-2011-0427.  Bugfix on
+      0.1.2.10-rc.
+  o Defensive programming
+    - Introduce output size checks on all of our decryption functions.
+
author	Nick Mathewson <nickm@torproject.org>	2011-01-15 12:02:55 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-01-15 12:02:55 -0500
commit	ed87738ede789fb9eccfd2e5a34bd8c484dfe44e (patch)
tree	27eb5efade75d368692a80d258615415deb8a7dc /changes/tolen_asserts
parent	b27f5cc50d4a66bff31e43a596eb296a1b5a11dc (diff)
parent	50b06a2b76190170e9f80739f022696755b54b99 (diff)
download	tor-ed87738ede789fb9eccfd2e5a34bd8c484dfe44e.tar.gz tor-ed87738ede789fb9eccfd2e5a34bd8c484dfe44e.zip