From 35bf07b8d67d018f7740ca195cf8c7c86b1b4ef9 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 21 Oct 2015 11:44:43 -0400 Subject: Check for len < 4 in dn_indicates_v3_cert Without this check, we potentially look up to 3 characters before the start of a malloc'd segment, which could provoke a crash under certain (weird afaik) circumstances. Fixes 17404; bugfix on 0.2.6.3-alpha. --- changes/bug17404 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changes/bug17404 (limited to 'changes') diff --git a/changes/bug17404 b/changes/bug17404 new file mode 100644 index 0000000000..d524f6662d --- /dev/null +++ b/changes/bug17404 @@ -0,0 +1,6 @@ + o Major bugfixes (security, correctness): + - Fix a programming error that could cause us to read 4 bytes before + the beginning of an openssl string. This could be used to provoke + a crash on systems with an unusual malloc implementation, or + systems with unsual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. -- cgit v1.2.3-54-g00ecf
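Review bot: The new changes/bug17404 entry disagrees with the commit message on two facts, and one of each pair needs correcting before this lands. The entry says "read 4 bytes before the beginning of an openssl string" and "bugfix on 0.2.3.6-alpha", while the commit message says "up to 3 characters before the start of a malloc'd segment" and "bugfix on 0.2.6.3-alpha". Whichever version number is right should appear in both places, since the changelog entry is what downstream readers will use to decide which releases are affected. The fifth added line also has a typo: "unsual hardening" should be "unusual hardening". Since the view is limited to 'changes', the len < 4 check in dn_indicates_v3_cert named in the subject is not shown here and cannot be reviewed from this diff.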