[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.2.5] whoops; missing changes file for 14013

commit 184a2dbbdd27f958f5ac290fe030d1fac2959157
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue Dec 23 10:55:25 2014 -0500

    whoops; missing changes file for 14013
---
 changes/bug14013 |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/changes/bug14013 b/changes/bug14013
new file mode 100644
index 0000000..640cf85
--- /dev/null
+++ b/changes/bug14013
@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - When reading a hexadecimal, base-32, or base-64 encoded value
+      from a string, always overwrite the complete output buffer. This
+      prevents some bugs where we would look at (but fortunately, not
+      reveal) uninitialized memory on the stack. Fixes bug 14013;
+      bugfix on all versions of Tor.



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits