Hi! There's a security advisory for Libevent here: http://archives.seul.org/libevent/users/Jan-2015/msg00010.html Briefly: there are integer overflows in the evbuffer code, such that if an application can be tricked into trying add a ridiculously huge amount of data to an evbuffer in a single chunk, there could be a heap overflow or infinite loop. (Most applications using libevent cannot actually be tricked into doing this.)
Some of you will likely be wondering: "Tor uses Libevent. Does this affect Tor?" The answer is: this does not affect Tor. 1. In the way that most people build Tor, the relevant "evbuffer" feature in Libevent is not used. 2. When Tor is compiled with the (experimental, rarely used) --enable-bufferevents option, Tor doesn't actually work. Also, I do not believe that any of the Tor code for that case has any of the programming mistakes that would turn the Libevent bug into a vulnerability. 3. Some of our older pluggable transport code uses Libevent too. On an audit, I found that it does not appear to have any of the programming mistakes that would turn the Libevent bug into a vulnerability. So, no worries here on the Tor front, if my analysis is right. best wishes, -- Nick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
