diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-01-27 12:26:02 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-01-27 12:32:41 -0500 |
| commit | bca7083e8285e8e6a4377076a7e432417eafc6d2 (patch) | |
| tree | 688e4f31c1243d87f51b897e3e21f6cd28cc8233 /changes | |
| parent | 11f63d26acb8ca872d894fb1423b380dc1f8dc2e (diff) | |
| download | tor-bca7083e8285e8e6a4377076a7e432417eafc6d2.tar.gz tor-bca7083e8285e8e6a4377076a7e432417eafc6d2.zip | |
avoid integer overflow in and around smartlist_ensure_capacity.
This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.
In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug18162 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/bug18162 b/changes/bug18162 new file mode 100644 index 0000000000..0844d6f62f --- /dev/null +++ b/changes/bug18162 @@ -0,0 +1,7 @@ + o Major bugfixes (security, pointers): + + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug #18162; + bugfix on Tor 0.1.1.11-alpha, which fixed a related bug + incompletely. Reported by Guido Vranken. + |