Add a one-word sentinel value of 0x0 at the end of each buf_t chunk

This helps protect against bugs where any part of a buf_t's memory is passed to a function that expects a NUL-terminated input. It also closes TROVE-2016-10-001 (aka bug 20384).
author: Nick Mathewson <nickm@torproject.org> 2016-10-14 09:38:12 -0400
committer: Nick Mathewson <nickm@torproject.org> 2016-10-17 14:49:54 -0400
commit: 3cea86eb2fbb65949673eb4ba8ebb695c87a57ce (patch)
tree: ef0bd43d76691b249912bc22dff34dfe771831dd /changes
parent: 12a72983766d5265b5259038af711cb172671af7 (diff)
download: tor-3cea86eb2fbb65949673eb4ba8ebb695c87a57ce.tar.gz
tor-3cea86eb2fbb65949673eb4ba8ebb695c87a57ce.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/buf-sentinel b/changes/buf-sentinel
new file mode 100644
index 0000000000..7c5b829c19
--- /dev/null
+++ b/changes/buf-sentinel
@@ -0,0 +1,11 @@
+  o Major features (security fixes):
+
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string.  At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket 20384
+      (TROVE-2016-10-001).
+
author	Nick Mathewson <nickm@torproject.org>	2016-10-14 09:38:12 -0400
committer	Nick Mathewson <nickm@torproject.org>	2016-10-17 14:49:54 -0400
commit	3cea86eb2fbb65949673eb4ba8ebb695c87a57ce (patch)
tree	ef0bd43d76691b249912bc22dff34dfe771831dd /changes
parent	12a72983766d5265b5259038af711cb172671af7 (diff)
download	tor-3cea86eb2fbb65949673eb4ba8ebb695c87a57ce.tar.gz tor-3cea86eb2fbb65949673eb4ba8ebb695c87a57ce.zip