author: Nick Mathewson <nickm@torproject.org> 2011-01-13 14:36:41 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-01-15 11:49:25 -0500
commit: 115782bdbe42e4b3d5cb386d2939a883bc381d12
tree: facebd78bfcd426d3404999e5237c502fb34ebaa /changes
parent: a16902b9d4b0a912eb0a252bb945cbeaaa40dacb
Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a large enough buffer. In one case, they weren't. (Incorporates fixes from sebastian)
Diffstat (limited to 'changes')
-rw-r--r-- changes/tolen_asserts 9
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/tolen_asserts b/changes/tolen_asserts
new file mode 100644
index 0000000000..90cdb2d75e
--- /dev/null
+++ b/changes/tolen_asserts
@@ -0,0 +1,9 @@
+ o Major bugfixes (security)
+ - Fix a heap overflow bug where an adversary could cause heap
+ corruption. Since the contents of the corruption would need to be
+ the output of an RSA decryption, we do not think this is easy to
+ turn in to a remote code execution attack, but everybody should
+ upgrade anyway. Found by debuger. Bugfix on 0.1.2.10-rc.
+ o Defensive programming
+ - Introduce output size checks on all of our decryption functions.
+
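Review bot: The security entry says only that "an adversary could cause heap corruption" and does not name the affected code path or which kind of Tor instance is exposed, so a reader of the changelog cannot judge their own exposure from it; consider adding that. The commit message describes the fix as covering "public key functions", while the "Defensive programming" item says "all of our decryption functions"; the two should state the same scope. Minor wording: "turn in to a remote code execution attack" should read "turn into".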