[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Libevent CVE-2014-6272 does not affect Tor

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] Libevent CVE-2014-6272 does not affect Tor
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 5 Jan 2015 10:43:25 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 10:43:37 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=DMtvU6r2BBblTwTt1ocOkz8lmRC+mEIuWw8GaHtVduU=; b=crISJbkFv52MmpkMRT+v7kyzZIRe4DdM+k3b5YuJpVOdSQfrO1zaGXyPNT7ii2GLB9 qy2AvvisZe1J6Bwf0xHyAhD/7/x/ErCPTQSnFldoAfeLep5nAIe1nlCDT0npA4qjRglR FIMbM4B+Om0Fufs3sztEAf4zN662LtfIwfPIlVKXGlNtJN1N5OBcEviMUND4FiNVGskL O8o7QmBnnF0BsZTWUad/8inhhqLKP1ch4O2+BGjeXgMBj8ud4fEPZpwQKxpqADjNXoHr JulGp2FPHCG9hrNYo2rg/9AaS9tIFBvHcQrVmWVc3iu4GrJCYTmdPjrYyBRkaWY72aLG mVJQ==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi!

There's a security advisory for Libevent here:
   http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
Briefly: there are integer overflows in the evbuffer code, such that
if an application can be tricked into trying add a ridiculously huge
amount of data to an evbuffer in a single chunk, there could be a heap
overflow or infinite loop.  (Most applications using libevent cannot
actually be tricked into doing this.)

Some of you will likely be wondering: "Tor uses Libevent. Does this affect Tor?"

The answer is:  this does not affect Tor.

1. In the way that most people build Tor, the relevant "evbuffer"
feature in Libevent is not used.

2. When Tor is compiled with the (experimental, rarely used)
--enable-bufferevents option, Tor doesn't actually work.  Also, I do
not believe that any of the Tor code for that case has any of the
programming mistakes that would turn the Libevent bug into a
vulnerability.

3. Some of our older pluggable transport code uses Libevent too.  On
an audit, I found that it does not appear to have any of the
programming mistakes that would turn the Libevent bug into a
vulnerability.

So, no worries here on the Tor front, if my analysis is right.

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Tor 0.2.6.2-alpha is now released!
Next by Author: Re: [tor-talk] new paper on Tor and cryptography
Previous by thread: [tor-talk] documentation for Windows users
Next by thread: [tor-talk] TOR issues
Index(es):
- Author
- Thread