#8037: Specialy crafter microdesc could trigger to flush up to 16MB uninited
heap
allocated memory to media
----------------------------+-----------------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: needs_review
Priority: minor | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client easy
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by cypherpunks):
> But maybe we should just check for NUL bytes and reject the descriptor
if they're present.
Not instead but together with it. Cache copying of every document should
be consisted to one way, strndup or memdup. We need to think about binary
document future right now.
tokenize_string could to check for NUL byte if ''const char *end''
present.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8037#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
