Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • release-0.4.7
  • maint-0.4.7
  • release-0.4.5
  • maint-0.4.5
  • release-0.4.6
  • maint-0.4.6
  • release-0.3.5
  • maint-0.3.5
  • release-0.4.4
  • maint-0.4.4
  • release-0.4.3
  • maint-0.4.3
  • maint-0.4.2
  • release-0.4.2
  • maint-0.4.1
  • release-0.4.1
  • maint-0.4.0
  • release-0.4.0
  • release-0.2.9
  • tor-0.4.7.12
  • tor-0.4.5.15
  • tor-0.4.7.11
  • tor-0.4.7.10
  • tor-0.4.6.12
  • tor-0.4.5.14
  • tor-0.4.7.9
  • tor-0.4.6.11
  • tor-0.4.5.13
  • tor-0.4.7.8
  • tor-0.4.8.0-alpha-dev
  • tor-0.4.7.7
  • tor-0.4.7.6-rc
  • tor-0.4.7.5-alpha
  • tor-0.4.7.4-alpha
  • tor-0.4.6.10
  • tor-0.4.5.12
  • tor-0.3.5.18
  • tor-0.4.7.3-alpha
  • tor-0.4.6.9
40 results
Compare
Forked from The Tor Project / Core / Tor
28243 commits behind the upstream repository.
Nick Mathewson's avatar
Always nul-terminate the result passed to evdns_server_add_ptr_reply
Nick Mathewson authored 
In dnsserv_resolved(), we carefully made a nul-terminated copy of the
answer in a PTR RESOLVED cell... then never used that nul-terminated
copy.  Ouch.

Surprisingly this one isn't as huge a security problem as it could be.
The only place where the input to dnsserv_resolved wasn't necessarily
nul-terminated was when it was called indirectly from relay.c with the
contents of a relay cell's payload.  If the end of the payload was
filled with junk, eventdns.c would take the strdup() of the name [This
part is bad; we might crash there if the cell is in a bad part of the
stack or the heap] and get a name of at least length
495[*]. eventdns.c then rejects any name of length over 255, so the
bogus data would be neither transmitted nor altered.

  [*] If the name was less than 495 bytes long, the client wouldn't
     actually be reading off the end of the cell.

Nonetheless this is a reasonably annoying bug.  Better fix it.

Found while looking at bug 2332, reported by doorss.  Bugfix on
0.2.0.1-alpha.
a16902b9
History
Nick Mathewson's avatar a16902b9
History
Name Last commit Last update
Win32Build
changes
contrib
doc
src
.gitignore
AUTHORS
ChangeLog
Doxyfile.in
INSTALL
LICENSE
Makefile.am
README
ReleaseNotes
acinclude.m4
autogen.sh
configure.in
tor.spec.in
README
Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure; make; make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ