[tor] libevent dns OOB read

The DNS code of Libevent contains this rather obvious OOB read: ```c 3122 static char * 3123 search_make_new(const struct search_state *const state, int n, const char *const base_name) { 3124 const size_t base_len = strlen(base_name); 3125 const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ``` If the length of ```base_name``` is 0, then line 3125 reads 1 byte before the buffer. This will trigger a crash on ASAN-protected builds. To reproduce: Build libevent with ASAN: ``` $ CFLAGS='-fomit-frame-pointer -fsanitize=address' ./configure && make -j4 ``` Put the attached ```resolv.conf``` and ```poc.c``` in the source directory and then do: ``` $ gcc -fsanitize=address -fomit-frame-pointer poc.c .libs/libevent.a $ ./a.out ================================================================= ==22201== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60060000efdf at pc 0x4429da bp 0x7ffe1ed47300 sp 0x7ffe1ed472f8 READ of size 1 at 0x60060000efdf thread T0 ``` This happens because I create a zero-length string in ```poc.c```: ```c char* hostname = malloc(32); memset(hostname, 0, 32); //hostname[0] = 'x'; ``` If you uncomment the last line, it will not crash. Guido