Date: Mon, 5 Jan 2015 10:43:25 -0500
From: Nick Mathewson <nickm@torproject.org>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Subject: [tor-talk] Libevent CVE-2014-6272 does not affect Tor

Hi!

There's a security advisory for Libevent here:
   http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
Briefly: there are integer overflows in the evbuffer code, such that
if an application can be tricked into trying to add a ridiculously huge
amount of data to an evbuffer in a single chunk, there could be a heap
overflow or infinite loop.  (Most applications using libevent cannot
actually be tricked into doing this.)

Some of you will likely be wondering: "Tor uses Libevent. Does this affect Tor?"

The answer is:  this does not affect Tor.

1. In the way that most people build Tor, the relevant "evbuffer"
feature in Libevent is not used.

2. When Tor is compiled with the (experimental, rarely used)
--enable-bufferevents option, Tor doesn't actually work.  Also, I do
not believe that any of the Tor code for that case has any of the
programming mistakes that would turn the Libevent bug into a
vulnerability.

3. Some of our older pluggable transport code uses Libevent too.  On
an audit, I found that it does not appear to have any of the
programming mistakes that would turn the Libevent bug into a
vulnerability.

So, no worries here on the Tor front, if my analysis is right.

best wishes,
-- 
Nick
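
An added illustration of the bug class the message describes (not code from Libevent, Tor, or the original post): size arithmetic in a growable buffer that wraps when one huge chunk is added, next to checked versions that refuse the request. The toybuf struct and every function name here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy growable buffer (hypothetical; not Libevent's evbuffer). */
struct toybuf { size_t used; size_t cap; };

/* Unchecked: used + add wraps past SIZE_MAX, so the "needed" size can
 * come out far smaller than the data the caller is about to copy in. */
size_t needed_unchecked(const struct toybuf *b, size_t add) {
    return b->used + add;
}

/* Checked: 0 and *out = total on success, -1 if the sum cannot fit. */
int needed_checked(const struct toybuf *b, size_t add, size_t *out) {
    if (add > SIZE_MAX - b->used) return -1;
    *out = b->used + add;
    return 0;
}

/* Grow by doubling. Without the SIZE_MAX / 2 guard, cap * 2 can wrap to 0
 * for a huge target and the loop never ends. Returns 0 on failure. */
size_t grow_capacity(size_t cap, size_t target) {
    if (cap == 0) cap = 64;
    while (cap < target) {
        if (cap > SIZE_MAX / 2) return 0;
        cap *= 2;
    }
    return cap;
}

/* Reserve room for add more bytes; on -1 the buffer is left untouched. */
int toybuf_reserve(struct toybuf *b, size_t add) {
    size_t need, cap;
    if (needed_checked(b, add, &need) != 0) return -1;
    if ((cap = grow_capacity(b->cap, need)) == 0) return -1;
    b->cap = cap; /* a real buffer would realloc() to cap here */
    return 0;
}

int main(void) {
    struct toybuf b = { 100, 128 }; /* constructed sample state */
    size_t huge = SIZE_MAX - 50;    /* one absurdly large chunk */
    printf("unchecked need: %zu\n", needed_unchecked(&b, huge));
    printf("reserve(huge):  %d\n", toybuf_reserve(&b, huge));
    int rc = toybuf_reserve(&b, 200);
    printf("reserve(200):   %d, cap=%zu\n", rc, b.cap);
    return 0;
}
```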

