Fix an uninitialized-read when parsing v3 introduction requests.

Fortunately, later checks mean that uninitialized data can't get sent to the network by this bug. Unfortunately, reading uninitialized heap *can* (in some cases, with some allocators) cause a crash if you get unlucky and go off the end of a page. Found by asn. Bugfix on 0.2.4.1-alpha.
author: Nick Mathewson <nickm@torproject.org> 2013-08-05 11:40:33 -0400
committer: Roger Dingledine <arma@torproject.org> 2013-08-10 17:49:51 -0400
commit: d5cfbf96a2dbbee4501da92d5a21d0c66732ae24 (patch)
tree: 2a4983a697ac6dc5faf87b39460cb03edbbe5f88 /changes/v3_intro_len
parent: 0a0f93d277046a524740ad110060abf8ed137b8f (diff)
download: tor-d5cfbf96a2dbbee4501da92d5a21d0c66732ae24.tar
tor-d5cfbf96a2dbbee4501da92d5a21d0c66732ae24.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/v3_intro_len b/changes/v3_intro_len
new file mode 100644
index 000000000..fbe39bce3
--- /dev/null
+++ b/changes/v3_intro_len
@@ -0,0 +1,8 @@
+  o Major bugfixes:
+
+    - Fix an uninitialized read that could (in some cases) lead to a remote
+      crash while parsing INTRODUCE 1 cells. (This is, so far as we know,
+      unrelated to the recent news.)  Fixes bug XXX; bugfix on
+      0.2.4.1-alpha. Anybody running a hidden service on the experimental
+      0.2.4.x branch should upgrade.
+
author	Nick Mathewson <nickm@torproject.org>	2013-08-05 11:40:33 -0400
committer	Roger Dingledine <arma@torproject.org>	2013-08-10 17:49:51 -0400
commit	d5cfbf96a2dbbee4501da92d5a21d0c66732ae24 (patch)
tree	2a4983a697ac6dc5faf87b39460cb03edbbe5f88 /changes/v3_intro_len
parent	0a0f93d277046a524740ad110060abf8ed137b8f (diff)
download	tor-d5cfbf96a2dbbee4501da92d5a21d0c66732ae24.tar tor-d5cfbf96a2dbbee4501da92d5a21d0c66732ae24.tar.gz