Merge remote-tracking branch 'tor-github/pr/926' into maint-0.3.5

author: teor <teor@torproject.org> 2019-08-12 09:41:14 +1000
committer: teor <teor@torproject.org> 2019-08-12 09:41:14 +1000
commit: 9be65c440baae43dd38ffef216f6198c714ba5ba (patch)
tree: ec21442c9ea9cd8185ce0d219c2fe0660f0ac4ec /changes
parent: 955cf9620c68c17f6531e80f9f4a7fa7d9f0f479 (diff)
parent: 2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca (diff)
download: tor-9be65c440baae43dd38ffef216f6198c714ba5ba.tar.gz
tor-9be65c440baae43dd38ffef216f6198c714ba5ba.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug30040 b/changes/bug30040
new file mode 100644
index 0000000000..7d80528a10
--- /dev/null
+++ b/changes/bug30040
@@ -0,0 +1,9 @@
+  o Minor bugfixes (security):
+    - Fix a potential double free bug when reading huge bandwidth files. The
+      issue is not exploitable in the current Tor network because the
+      vulnerable code is only reached when directory authorities read bandwidth
+      files, but bandwidth files come from a trusted source (usually the
+      authorities themselves). Furthermore, the issue is only exploitable in
+      rare (non-POSIX) 32-bit architectures which are not used by any of the
+      current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
+      and fixed by Tobias Stoeckmann.
author	teor <teor@torproject.org>	2019-08-12 09:41:14 +1000
committer	teor <teor@torproject.org>	2019-08-12 09:41:14 +1000
commit	9be65c440baae43dd38ffef216f6198c714ba5ba (patch)
tree	ec21442c9ea9cd8185ce0d219c2fe0660f0ac4ec /changes
parent	955cf9620c68c17f6531e80f9f4a7fa7d9f0f479 (diff)
parent	2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca (diff)
download	tor-9be65c440baae43dd38ffef216f6198c714ba5ba.tar.gz tor-9be65c440baae43dd38ffef216f6198c714ba5ba.zip