mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
4ed10e5053
When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() on a pointer instead of using the real size of the destination buffer leading to an overflow passing an enormous value to the signing digest function. Fortunately, that value was only used to make sure the destination buffer length was big enough for the key size and in this case it always was because of the overflow. Fixes #21553 Signed-off-by: David Goulet <dgoulet@torproject.org>
8 lines
470 B
Plaintext
8 lines
470 B
Plaintext
o Minor bugfixes (hidden service):
|
|
- When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof()
|
|
on a pointer instead of real size of the destination buffer leading to
|
|
an overflow passing an enormous value to the signing digest function.
|
|
Fortunately, that value was only used to make sure the destination
|
|
buffer length was big enough for the key size and in this case it was.
|
|
Fixes bug 21553; bugfix on tor-0.3.0.1-alpha.
|