Hello,

I hit this bug

    stack smashing attack in function command_process_cell()

when running the new tor-0.2.1.19 compiled for embedded x86 system, static linking. The toolchain is

    gcc --version => gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.6, ssp-3.4.6-1.0, pie-8.7.10)
    uclibc-0.9.28
    binutils-2.18

The stack smashing protector is triggered after tor is up and fully running, i.e. after it has bootstrapped, checked that its ports are reachable, performed bandwidth self-test and started relaying.

The easiest workaround is to disable ssp in the compiler, which is undesirable. I manually audited command_process_cell() and it looks fairly innocent.

Any suggestions from the gurus before I start a full-blown attack on this bug? This problem was not present in 0.2.0.35 and below.

<http://www.torproject.org/dist/tor-0.2.1.19.tar.gz>

--
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA
(716) 829-8197