[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20894 [Core Tor/Tor]: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001)

Subject: Re: [tor-bugs] #20894 [Core Tor/Tor]: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2017 09:27:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Feb 2017 04:28:01 -0500
In-reply-to: <044.d6c90ef4937974137e82be61c9cb71a4@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.d6c90ef4937974137e82be61c9cb71a4@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20894: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http
(TROVE-2016-10-001)
---------------------------------------+-----------------------------------
 Reporter:  teor                       |          Owner:  nickm
     Type:  defect                     |         Status:  needs_revision
 Priority:  High                       |      Milestone:  Tor:
                                       |  0.3.0.x-final
Component:  Core Tor/Tor               |        Version:  Tor: unspecified
 Severity:  Normal                     |     Resolution:
 Keywords:  tor-03-unspecified-201612  |  Actual Points:
Parent ID:                             |         Points:  0.5
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by arma):

 Nickm tells me he's confident that the sentinel patch (already applied
 back through 0.2.4) has resolved the security issue. So this is just to
 clean up the code to make things better for our future? That sounds like a
 great thing to put into Tor 0.3.0 (like the body of this ticket suggests).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20894#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21355 [Core Tor/Tor]: Warn when IPv6Exits have no ipv6-policy line in their descriptor
Next by Author: [tor-bugs] #21480 [Internal Services/Tor Sysadmin Team]: Please update nickm pgp key on ldap
Previous by thread: Re: [tor-bugs] #20894 [Core Tor/Tor]: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001)
Next by thread: Re: [tor-bugs] #20894 [Core Tor/Tor]: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001)
Index(es):
- Author
- Thread