[tor-bugs] #6480 [Tor Relay]: double connection_free() in dns_resolve()
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Jul 31 18:17:31 UTC 2012
#6480: double connection_free() in dns_resolve()
-----------------------+----------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Based on a conversation on IRC, I now think that maybe this should be
"major" and in 0.2.3 with a possible backport to 0.2.2. It *is* a remote
freed-memory read. If somebody's running Tor under valgrind, or with a
particularly aggressive/paranoid malloc implementation, this could turn
into a remote crash for them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6480#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list