ASan stack-buffer-overflow in prune_v2_cipher_list -- not exploitable
Found a minor buffer overflow when running live relay with 'tor' and 'openssl' both compiled with AddressSanitizer.
tortls.c:1492: unsigned char cipherid;
should be three characters and the final byte initialized to zero for
to function correctly and to avoid an ASan access exception.
Tested patch that resolves this issue is attached.
Compiled with gcc 4.8.1 and with these added options:
-O1 # instead of -O2 -fsanitize=address -fno-omit-frame-pointer
--param ssp-buffer-size=1 -fsanitize=address