[tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 26 23:58:52 UTC 2013
#8037: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap
allocated memory to media
----------------------------+-----------------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: needs_review
Priority: minor | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client easy
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by cypherpunks):
> But maybe we should just check for NUL bytes and reject the descriptor
if they're present.
Not instead but together with it. Cache copying of every document should
be consisted to one way, strndup or memdup. We need to think about binary
document future right now.
tokenize_string could to check for NUL byte if ''const char *end''
present.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8037#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list