Opened 8 months ago

Closed 8 months ago

#28939 closed defect (fixed)

Fix buffer overflow in src/test/test_voting_flags.c

Reported by: kjak Owned by:
Priority: Medium Milestone:
Component: Core Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In setup_cfg() in src/test/test_voting_flags.c a memset is used to write DIGEST256_LEN (32) bytes into signed_descriptor_digest of length DIGEST_LEN (20).

I see 12 bytes of the previously-filled identity_digest being overwritten.

PR to follow.

Child Tickets

Change History (2)

comment:1 Changed 8 months ago by kjak

Status: newneeds_review

comment:2 Changed 8 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Looks good to me. Bug not in any released Tor, so no changes/ file is required. Merging!

Note: See TracTickets for help on using tickets.