[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19281 [Core Tor/Tor]: Potential heap corruption via `write_escaped_data` in control.c
#19281: Potential heap corruption via `write_escaped_data` in control.c
-------------------------------------------------+-------------------------
Reporter: asn | Owner: nickm
Type: defect | Status:
| merge_ready
Priority: High | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor:
| unspecified
Severity: Normal | Resolution:
Keywords: tor-bug-bounty, heap-correctness, | Actual Points:
disaster-waiting-to-happen, review-group-22 |
Parent ID: | Points: 0.5
Reviewer: dgoulet | Sponsor:
| SponsorV-can
-------------------------------------------------+-------------------------
Changes (by dgoulet):
* status: needs_review => merge_ready
* reviewer: => dgoulet
Comment:
If by some miracle someone is able to pass a string that is of SIZE_MAX,
then I can assert my tor through the control port... Hmmm, I would say
unlikely that is possible because it would mean a string that has the
length of basically my entire RAM (?) ;).
{{{
+ tor_assert(len < SIZE_MAX - 9);
}}}
lgtm;
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19281#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs