#20894: Resolve read-off-end-of-buffer on atoi in fetch_from_buf_http (TROVE-2016-10-001) ---------------------------------------+----------------------------------- Reporter: teor | Owner: nickm Type: defect | Status: needs_review Priority: High | Milestone: Tor: | 0.3.0.x-final Component: Core Tor/Tor | Version: Tor: unspecified Severity: Normal | Resolution: Keywords: tor-03-unspecified-201612 | Actual Points: Parent ID: | Points: 0.5 Reviewer: | Sponsor: ---------------------------------------+----------------------------------- Changes (by nickm):
* status: needs_revision => needs_review Comment: > Can headers+headerlen can wrap here? I believe it can't, since headers is a pointer to a place in a buffer, and headerlen is an amount of memory that's readable at that point. I've forward-ported to 0.2.9, moved the unit test, added a correct use of STATIC, and credited AFL in a branch `bug20894_029_v3`. I'm fine taking this in 0.3.0 or 0.2.9. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20894#comment:10> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs