[tor-bugs] #5402 [Tor Client]: #5090 allows post-auth heap overflow

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Mar 16 16:06:59 UTC 2012


#5402: #5090 allows post-auth heap overflow
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  major       |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 Replying to [ticket:5402 arma]:
 > Fortunately, it looks like it can only be triggered once you've
 > authenticated to the control port (in which case you can already screw the
 > user) or if you can edit the torrc file (same). So it's not harmful.

 This line of reasoning is mostly true, but there are exceptions.  For
 example, suppose that somebody has made a custom-built controller or
 torrc-generator program that accepts potentially hostile input but doesn't
 escape it correctly before passing it to Tor.  I don't know of any such
 programs in use, but if there are, that would be one way to exploit this.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5402#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

