  • Fixed tor_vasprintf on systems without vasprintf. · 0d5a0b4f
    Tobias Stoeckmann authored and Nick Mathewson committed
    
    
    If tor is compiled on a system with neither vasprintf nor _vscprintf,
    the fallback implementation exposes a logic flaw which prevents
    proper usage of strings longer than 127 characters:
    
    * tor_vsnprintf returns -1 if supplied buffer is not large enough,
      but tor_vasprintf uses this function to retrieve required length
    * the result of tor_vsnprintf is not properly checked for negative
      return values
    
    Both aspects together could in theory lead to exposure of uninitialized
    stack memory in the resulting string. This requires an invalid format
    string or data that exceeds integer limitations.
    
    Fortunately tor is not even able to run with this implementation because
    it runs into asserts early on during startup. Also the unit tests fail
    during a "make check" run.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    
      [backported to 0.2.9 by nickm]
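
A vasprintf-style fallback that avoids the flaw the commit message describes, as an added example that is not Tor's code and not the patch in this commit. The names `bounded_vsnprintf`, `fallback_vasprintf`, `fallback_asprintf` and the 1 MiB cap are hypothetical choices made here; the formatter's -1 result is treated as "did not fit" and is never used as a length.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a wrapper with the semantics the commit message
 * describes: returns -1 when the output does not fit, never the needed length. */
static int bounded_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    int r;
    if (size == 0 || size > (size_t)INT_MAX)
        return -1;
    r = vsnprintf(buf, size, fmt, ap);
    buf[size - 1] = '\0';
    return (r < 0 || (size_t)r >= size) ? -1 : r;
}

#define FALLBACK_MAX (1u << 20) /* assumed upper bound for this example */

/* vasprintf-style fallback: grow and retry instead of trusting -1 as a length. */
static int fallback_vasprintf(char **strp, const char *fmt, va_list ap)
{
    size_t size = 128;
    *strp = NULL;
    while (size <= FALLBACK_MAX) {
        char *buf = malloc(size);
        va_list copy;
        int r;
        if (!buf)
            return -1;
        va_copy(copy, ap);            /* ap must stay reusable for the next pass */
        r = bounded_vsnprintf(buf, size, fmt, copy);
        va_end(copy);
        if (r >= 0) {                 /* only a non-negative result is a length */
            *strp = buf;
            return r;
        }
        free(buf);
        size *= 2;
    }
    return -1;                        /* too long or invalid format: no string */
}

static int fallback_asprintf(char **strp, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = fallback_vasprintf(strp, fmt, ap);
    va_end(ap);
    return r;
}
```

On failure the caller gets -1 and a NULL pointer, so no partially formatted or uninitialized buffer is ever handed back.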