[tor-bugs] #20894 [Core Tor/Tor]: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 14 09:27:51 UTC 2017
#20894: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http
(TROVE-2016-10-001)
---------------------------------------+-----------------------------------
Reporter: teor | Owner: nickm
Type: defect | Status: needs_revision
Priority: High | Milestone: Tor:
| 0.3.0.x-final
Component: Core Tor/Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-03-unspecified-201612 | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
---------------------------------------+-----------------------------------
Comment (by arma):
Nickm tells me he's confident that the sentinel patch (already applied
back through 0.2.4) has resolved the security issue. So this is just to
clean up the code to make things better for our future? That sounds like a
great thing to put into Tor 0.3.0 (like the body of this ticket suggests).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20894#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list