[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

stack smashing attack in function command_process_cell()



Hello,

I hit this bug

    stack smashing attack in function command_process_cell()

when running the new tor-0.2.1.19 compiled for embedded x86 system,
static linking.  The toolchain is

    gcc --version => gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.6,
ssp-3.4.6-1.0, pie-8.7.10)
    uclibc-0.9.28
    binutils-2.18

The stack smashing protector is triggered after tor is up and fully
running, ie after it has bootstrapped, checked that its ports are
reacheable, performed bandwidth-self test and started relaying.  The
easiest workaround is to disable ssp in the compiler which is undesireable.

I manually audited command_process_cell() and it looks fairly innocent. 
Any suggestions from the gurus before I start a full blown attack on
this bug.

This problem was not present in 0.2.0.35 and below.

<http://www.torproject.org/dist/tor-0.2.1.19.tar.gz>

-- 

Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA

(716) 829-8197



Attachment: signature.asc
Description: OpenPGP digital signature