#33619: Resolve TROVE-2020-004
-------------------------------------------------+-------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: closed
Priority: Medium | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: 041-backport 042-backport | Actual Points: 1
043-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):
* status: new => closed
* actualpoints: => 1
* milestone: Tor: 0.4.4.x-final => Tor: 0.4.1.x-final
* keywords: => 041-backport 042-backport 043-backport
* resolution: => fixed
Old description:
New description:
This is a remotely triggerable memory leak on relays and clients, found by
tobias pulls.
The issue is that when circpad_setup_machine_on_circ() is reached with an
inconsistent internal configuration, it fails to free an object that is
replaced. It logs a bug warning, but that isn't enough.
Tobias Pulls found that this code was actually reachable, though, and
results in a memory leak.
--
Comment:
We fix this in 78bcfc1280b322ba57a10a116457616eeb742ab6, with a fix that
avoids the memory leak and prevents us from spamming the logs. It does
not fix the underlying issue where the code that wasn't supposed to be
reachable is actually reached.
This is a "medium" severity issue, and is also tracked as CVE-2020-10593.
This fix has been merged to all ''supported'' affected releases (0.4.1.x
and later).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33619#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
