From d5cfbf96a2dbbee4501da92d5a21d0c66732ae24 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 5 Aug 2013 11:40:33 -0400 Subject: Fix an uninitialized-read when parsing v3 introduction requests. Fortunately, later checks mean that uninitialized data can't get sent to the network by this bug. Unfortunately, reading uninitialized heap *can* (in some cases, with some allocators) cause a crash if you get unlucky and go off the end of a page. Found by asn. Bugfix on 0.2.4.1-alpha. --- changes/v3_intro_len | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changes/v3_intro_len (limited to 'changes') diff --git a/changes/v3_intro_len b/changes/v3_intro_len new file mode 100644 index 000000000..fbe39bce3 --- /dev/null +++ b/changes/v3_intro_len @@ -0,0 +1,8 @@ + o Major bugfixes: + + - Fix an uninitialized read that could (in some cases) lead to a remote + crash while parsing INTRODUCE 1 cells. (This is, so far as we know, + unrelated to the recent news.) Fixes bug XXX; bugfix on + 0.2.4.1-alpha. Anybody running a hidden service on the experimental + 0.2.4.x branch should upgrade. + -- cgit v1.2.3
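Review bot: the new changes/v3_intro_len entry still carries the placeholder "Fixes bug XXX", which needs to be replaced with the real ticket number before this entry is merged into the ChangeLog; the commit message gives the date and the affected version (0.2.4.1-alpha) but no ticket, so it should be looked up rather than guessed. Two smaller points on the same hunk: the parenthetical "(This is, so far as we know, unrelated to the recent news.)" will be meaningless to a reader of the release notes a few months on, so either name what it refers to or drop it; and since this view is limited to the 'changes' directory, the code change that actually fixes the uninitialized read is not visible here, so the reviewer of the full commit should confirm that the length of the INTRODUCE1 payload is checked before the bytes are read, which is the defect the message describes.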