[tor-bugs] #33619 [Core Tor/Tor]: Resolve TROVE-2020-004
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 17 18:14:50 UTC 2020
#33619: Resolve TROVE-2020-004
-------------------------------------------------+-------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: closed
Priority: Medium | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: 041-backport 042-backport | Actual Points: 1
043-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):
* status: new => closed
* actualpoints: => 1
* milestone: Tor: 0.4.4.x-final => Tor: 0.4.1.x-final
* keywords: => 041-backport 042-backport 043-backport
* resolution: => fixed
Old description:
New description:
This is a remotely triggerable memory leak on relays and clients, found by
tobias pulls.
The issue is that when circpad_setup_machine_on_circ() is reached with an
inconsistent internal configuration, it fails to free an object that is
replaced. It logs a bug warning, but that isn't enough.
Tobias Pulls found that this code was actually reachable, though, and
results in a memory leak.
--
Comment:
We fix this in 78bcfc1280b322ba57a10a116457616eeb742ab6, with a fix that
avoids the memory leak and prevents us from spamming the logs. It does
not fix the underlying issue where the code that wasn't supposed to be
reachable is actually reached.
This is a "medium" severity issue, and is also tracked as CVE-2020-10593.
This fix has been merged to all ''supported'' affected releases (0.4.1.x
and later).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33619#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list