[tor-bugs] #5402 [Tor Client]: #5090 allows post-auth heap overflow
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Mar 16 16:06:59 UTC 2012
#5402: #5090 allows post-auth heap overflow
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
Replying to [ticket:5402 arma]:
> Fortunately, it looks like it can only be triggered once you've
> authenticated to the control port (in which case you can already screw the
> user) or if you can edit the torrc file (same). So it's not harmful.
This line of reasoning is mostly true, but there are exceptions. For
example, suppose that somebody has made a custom-built controller or
torrc-generator program that accepts potentially hostile input but doesn't
escape it correctly before passing it to Tor. I don't know of any such
programs in use, but if there are, that would be one way to exploit this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5402#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online