aboutsummaryrefslogtreecommitdiff
path: root/contrib/win32build
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-06-10 11:11:47 -0400
committerNick Mathewson <nickm@torproject.org>2014-06-10 11:11:47 -0400
commitcca6198c777dba463aeb4a8fba6a953cde9576a8 (patch)
tree2cb2e22153be37e2a097b2244df233dfe5fddefb /contrib/win32build
parent8d9602c21ccc0d93c82c651d94791df88cf4c9ad (diff)
downloadtor-cca6198c777dba463aeb4a8fba6a953cde9576a8.tar
tor-cca6198c777dba463aeb4a8fba6a953cde9576a8.tar.gz
Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in the "v2 link protocol cipher list" that are supported by Tor's openssl. It does this by invoking ssl23_get_cipher_by_char on each two-byte ciphersuite ID to see which ones give a match. But when ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS ciphersuite ID, it checks to see whether it has a match for a three-byte SSL2 ciphersuite ID. This was causing a read off the end of the 'cipherid' array. This was probably harmless in practice, but we shouldn't be having any uninitialized reads. (Using ssl23_get_cipher_by_char in this way is a kludge, but then again the entire existence of the v2 link protocol is kind of a kludge. Once Tor 0.2.2 clients are all gone, we can drop this code entirely.) Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
Diffstat (limited to 'contrib/win32build')
0 files changed, 0 insertions, 0 deletions