Merge branch 'bug20894_029_v3'

author: Nick Mathewson <nickm@torproject.org> 2017-02-14 19:10:20 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-02-14 19:10:20 -0500
commit: 7e469c10020f92b6aa19cb3f4316fb040d837819 (patch)
tree: ce6a0f2f2fb22c78ed09a1ed838d13f7967c92e6 /changes
parent: dca8ae5cfa8b081230d033158c980d50840b072a (diff)
parent: 4c1ecd75830cbf43bc39b9c77ee01b3ce138e40c (diff)
download: tor-7e469c10020f92b6aa19cb3f4316fb040d837819.tar.gz
tor-7e469c10020f92b6aa19cb3f4316fb040d837819.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug20894 b/changes/bug20894
new file mode 100644
index 0000000000..2dbf9b9aa9
--- /dev/null
+++ b/changes/bug20894
@@ -0,0 +1,9 @@
+  o Major bugfixes (HTTP, parsing):
+    - When parsing a malformed content-length field from an HTTP message,
+      do not read off the end of the buffer. This bug was a potential
+      remote denial-of-service attack against Tor clients and relays.
+      A workaround was released in October 2016, which prevents this
+      bug from crashing Tor. This is a fix for the underlying issue,
+      which should no longer matter (if you applied the earlier patch).
+      Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
+      using AFL (http://lcamtuf.coredump.cx/afl/).
author	Nick Mathewson <nickm@torproject.org>	2017-02-14 19:10:20 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-02-14 19:10:20 -0500
commit	7e469c10020f92b6aa19cb3f4316fb040d837819 (patch)
tree	ce6a0f2f2fb22c78ed09a1ed838d13f7967c92e6 /changes
parent	dca8ae5cfa8b081230d033158c980d50840b072a (diff)
parent	4c1ecd75830cbf43bc39b9c77ee01b3ce138e40c (diff)
download	tor-7e469c10020f92b6aa19cb3f4316fb040d837819.tar.gz tor-7e469c10020f92b6aa19cb3f4316fb040d837819.zip