[tor-bugs] #8844 [Tor]: Buffer overflow in get_freelist
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 8 16:21:38 UTC 2013
#8844: Buffer overflow in get_freelist
------------------------------------+---------------------------------------
Reporter: eugenis | Owner: nickm
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version: Tor: 0.2.4.12-alpha
Keywords: 023-backport tor-relay | Parent:
Points: | Actualpoints:
------------------------------------+---------------------------------------
Comment(by asn):
Replying to [comment:2 nickm]:
> There's a fix in branch "bug8844" in my public repository at
https://gitweb.torproject.org/nickm/tor.git . It's against the maint-0.2.3
branch, and should merge forward cleanly.
Fix looks good to me. I didn't find any other places in `buffers.c`
iterating `freelists` in a weird way either.
Maybe we should mention 'eugenis' in the changes file too? Is there a nice
way of adding a unit test to validate this fix?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8844#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list