stack smashing attack in function command_process_cell()
basile
basile at opensource.dyc.edu
Tue Aug 11 12:33:38 UTC 2009
Hello,
I hit this bug
stack smashing attack in function command_process_cell()
when running the new tor-0.2.1.19 compiled for embedded x86 system,
static linking. The toolchain is
gcc --version => gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.6,
ssp-3.4.6-1.0, pie-8.7.10)
uclibc-0.9.28
binutils-2.18
The stack smashing protector is triggered after tor is up and fully
running, i.e. after it has bootstrapped, checked that its ports are
reachable, performed bandwidth self-test and started relaying. The
easiest workaround is to disable ssp in the compiler, which is undesirable.
I manually audited command_process_cell() and it looks fairly innocent.
Any suggestions from the gurus before I start a full-blown attack on
this bug?
This problem was not present in 0.2.0.35 and below.
<http://www.torproject.org/dist/tor-0.2.1.19.tar.gz>
--
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA
(716) 829-8197