mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
b6227edae1
This helps protect against bugs where any part of a buf_t's memory is passed to a function that expects a NUL-terminated input. It also closes TROVE-2016-10-001 (aka bug 20384).
12 lines
559 B
Plaintext
12 lines
559 B
Plaintext
o Major features (security fixes):
|
|
|
|
- Prevent a class of security bugs caused by treating the contents
|
|
of a buffer chunk as if they were a NUL-terminated string. At
|
|
least one such bug seems to be present in all currently used
|
|
versions of Tor, and would allow an attacker to remotely crash
|
|
most Tor instances, especially those compiled with extra compiler
|
|
hardening. With this defense in place, such bugs can't crash Tor,
|
|
though we should still fix them as they occur. Closes ticket 20384
|
|
(TROVE-2016-10-001).
|
|
|