[tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 27 09:44:28 UTC 2012
#7801: Our one use of tor_weak_random() is subtly wrong
-----------------------+----------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: minor | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-relay | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by cypherpunks):
While you exams circuit_resume_edge_reading_helper, FYI:
{{{
for (conn=chosen_stream; conn; conn = conn->next_stream) {
if (conn->_base.marked_for_close || conn->package_window <= 0)
}}}
will segfault if func called with first_conn == NULL.
It likely remotely exploitable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7801#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list