| commit | d978216dea6b21ac38230a59d172139185a68dbd | |
| author | Nick Mathewson <nickm@torproject.org> | |
| Mon, 19 Dec 2016 01:13:58 +0000 (18 20:13 -0500) | ||
| committer | Nick Mathewson <nickm@torproject.org> | |
| Mon, 19 Dec 2016 01:17:24 +0000 (18 20:17 -0500) | ||
| tree | 07f527c928e9afabc31aed646816e9462e704d0e | treesnapshot (tar.gz zip) |
| parent | 9db47e792160766de49b76bff71afdc4f743df88 | commitdiff |
Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
| changes/bug21018 | [new file with mode: 0644] | blob |
| src/or/routerparse.c | diffblobblamehistory |