Crash bug in tor_timegm
|Reported by:||nickm||Owned by:|
|Priority:||Very High||Milestone:||Tor: 0.2.2.x-final|
It looks like the assertion in tor_timegm is triggerable with bad inputs, according to asn. That's no good: we call it on untrusted inputs from directory objects.
Latest version of my preferred fix is in branch "timegm_assert_v2". It needs a little cleanup and a changes file. It might not be minimal.
|#6832||Add a unit test of the offending tor_timegm() input|
Change History (6)
comment:4 Changed 4 years ago by nickm
- Resolution set to fixed
- Status changed from needs_review to closed