diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-10-14 09:38:12 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-20 18:22:53 -0500 |
| commit | b6227edae1d8318b694029800a26e17a2a960af5 (patch) | |
| tree | af4ab167ae727f06050526bac86f6c8b5dc0393f /changes | |
| parent | 746c51b6132d84fc7899e6b95b4a1666717d8cce (diff) | |
| download | tor-b6227edae1d8318b694029800a26e17a2a960af5.tar.gz tor-b6227edae1d8318b694029800a26e17a2a960af5.zip | |
Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
It also closes TROVE-2016-10-001 (aka bug 20384).
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/buf-sentinel | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/buf-sentinel b/changes/buf-sentinel new file mode 100644 index 0000000000..7c5b829c19 --- /dev/null +++ b/changes/buf-sentinel @@ -0,0 +1,11 @@ + o Major features (security fixes): + + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket 20384 + (TROVE-2016-10-001). + |