[tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Dec 27 09:44:28 UTC 2012


#7801: Our one use of tor_weak_random() is subtly wrong
-----------------------+----------------------------------------------------
 Reporter:  nickm      |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  minor      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor        |        Version:                    
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by cypherpunks):

 While you exams circuit_resume_edge_reading_helper, FYI:
 {{{
 for (conn=chosen_stream; conn; conn = conn->next_stream) {
   if (conn->_base.marked_for_close || conn->package_window <= 0)
 }}}
 will segfault if func called with first_conn == NULL.
 It likely remotely exploitable.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7801#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list