
stack smashing attack in function command_process_cell()


I hit this bug

    stack smashing attack in function command_process_cell()

when running the new tor- compiled for an embedded x86 system,
static linking.  The toolchain is

    gcc --version => gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.6, ssp-3.4.6-1.0, pie-8.7.10)

The stack smashing protector is triggered after tor is up and fully
running, i.e. after it has bootstrapped, checked that its ports are
reachable, performed bandwidth self-test and started relaying.  The
easiest workaround is to disable ssp in the compiler, which is undesirable.

I manually audited command_process_cell() and it looks fairly innocent.
Any suggestions from the gurus before I start a full-blown attack on
this bug?

This problem was not present in and below.



Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201

(716) 829-8197
