kc3-lang/libevent

• Browse

  Commit

• Author : Nick Mathewson
  Date : 2015-01-05 09:32:53
  Hash : 841ecbd9
  Message : Fix CVE-2014-6272 in Libevent 2.1 For this fix, we need to make sure that passing too-large inputs to the evbuffer functions can't make us do bad things with the heap. Also, lower the maximum chunk size to the lower of off_t, size_t maximum. This is necessary since otherwise we could get into an infinite loop if we make a chunk that 'misalign' cannot index into.