[tor-bugs] #12227 [Tor]: ASan stack-buffer-overflow in prune_v2_cipher_list -- not exploitable
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 9 04:35:08 UTC 2014
#12227: ASan stack-buffer-overflow in prune_v2_cipher_list -- not exploitable
---------------------------+-------------------------------------
Reporter: starlight | Owner:
Type: defect | Status: needs_revision
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version: Tor: 0.2.4.22
Resolution: | Keywords: tor-client 024-backport
Actual Points: | Parent ID:
Points: |
---------------------------+-------------------------------------
Comment (by starlight):
Replying to [comment:4 nickm]:
> As for the patch, why can't it just be. . .
It can. But replaced htons() because it is
logically incompatible with the SSLv2
char cipher ID construction. Was mislead
at first and thought changing it to
set_uint32(cipherid, htonl(*inp))
would work but this is incorrect. Never
liked those BSD byte-order functions
and don't use them myself. The proposed
patch is clearer.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12227#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list