Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4529 closed defect (fixed)

tor_dup_addr(): buf[] uninited for some cases

Reported by: troll_un Owned by:
Priority: Medium Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

If tor_dup_addr() called with addr's family another than AF_INET or AF_INET6 then call to tor_addr_to_str() leaves buf[] uninited. Calling tor_strdup(buf) with uninited array leads to duping trash with random length or segfault (if no zero bytes)

Child Tickets

Change History (5)

comment:1 Changed 8 years ago by nickm

Milestone: Tor: 0.2.3.x-final

comment:2 Changed 8 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: 0.2.2.x-final
Status: newneeds_review

Fix in branch bug4529 in my public repository. Seems obviously correct. Now targeting 0.2.2.x.

comment:3 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merging in 0.2.2 and master.

comment:4 Changed 7 years ago by nickm

Keywords: tor-client added

comment:5 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.