[tor-bugs] #16823 [Tor]: potential double-free in command_process_create_cell()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 16 01:21:47 UTC 2015
#16823: potential double-free in command_process_create_cell()
------------------------+----------------------------------
Reporter: isis | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.4.10-alpha
Resolution: | Keywords: tor-relay, tor-guard
Actual Points: | Parent ID:
Points: |
------------------------+----------------------------------
Changes (by yawning):
* priority: blocker => normal
* keywords:
tor-relay, tor-guard, security, 024-backport, 025-backport,
026-backport
=> tor-relay, tor-guard
* milestone: => Tor: 0.2.7.x-final
Comment:
Replying to [comment:3 nickm]:
> So unless I'm missing something big, this is a programming mistake, but
not actually exploitable. Please let me know if I'm wrong, or downgrade
to "normal priority, no backport" if I'm right?
Yeah I think baring code generation weirdness, you're right, sorry for the
confusion, my bad. We still should fix this though, since it looks hair
raising.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16823#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list