[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 26 Jan 2013 23:58:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 26 Jan 2013 18:59:03 -0500
In-reply-to: <051.50bfbd1c6ad7aabdbfe6dc4539c95cc2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.50bfbd1c6ad7aabdbfe6dc4539c95cc2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8037: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap
allocated memory to media
----------------------------+-----------------------------------------------
    Reporter:  cypherpunks  |       Owner:                    
        Type:  defect       |      Status:  needs_review      
    Priority:  minor        |   Milestone:  Tor: 0.2.4.x-final
   Component:  Tor          |     Version:                    
  Resolution:               |    Keywords:  tor-client easy   
      Parent:               |      Points:                    
Actualpoints:               |  
----------------------------+-----------------------------------------------

Comment(by cypherpunks):

 > But maybe we should just check for NUL bytes and reject the descriptor
 if they're present.

 Not instead but together with it. Cache copying of every document should
 be consisted to one way, strndup or memdup. We need to think about binary
 document future right now.

 tokenize_string could to check for NUL byte if ''const char *end''
 present.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8037#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #8037 [- Select a component]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #1854 [Analysis]: Investigate raising the minimum bandwidth for getting the Fast flag
Next by Author: Re: [tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
Previous by thread: Re: [tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
Next by thread: Re: [tor-bugs] #8037 [Tor]: Specialy crafter microdesc could trigger to flush up to 16MB uninited heap allocated memory to media
Index(es):
- Author
- Thread