Re: [tor-bugs] #27373 [Core Tor/Tor]: add UTF-8 validation code
#27373: add UTF-8 validation code
---------------------------------+------------------------------------
Reporter: cyberpunks | Owner: (none)
Type: task | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.6.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: rust-wants, prop285 | Actual Points:
Parent ID: #24033 | Points:
Reviewer: | Sponsor:
---------------------------------+------------------------------------
Changes (by teor):
* status: needs_review => needs_revision
Comment:
The tests are missing the following valid edge cases:
* a zero-length string
* the scalar value U+00
* Unicode byte order mark (BOM, U+FEFF)
* Byte-swapped BOMs (U+FFFE)
Note the serialisations of these values:
https://gitweb.torproject.org/torspec.git/tree/proposals/285-utf-8.txt#n104
Please also fix the code so it passes CI:
* https://travis-ci.org/teor2345/tor/builds/421877256
* https://ci.appveyor.com/project/teor2345/tor/build/1.0.103
{{{
util/validate_utf8:
=================================================================
==19689== ERROR: AddressSanitizer: global-buffer-overflow on address 0x556399c41968 at pc 0x556399a0db8b bp 0x7ffce271cd70 sp 0x7ffce271cd68
READ of size 1 at 0x556399c41968 thread T0
#0 0x556399a0db8a (/home/travis/build/teor2345/tor/src/test/test+0x910b8a)
#1 0x556399666958 (/home/travis/build/teor2345/tor/src/test/test+0x569958)
#2 0x5563996bf00c (/home/travis/build/teor2345/tor/src/test/test+0x5c200c)
#3 0x5563996bf2a5 (/home/travis/build/teor2345/tor/src/test/test+0x5c22a5)
#4 0x5563996c018a (/home/travis/build/teor2345/tor/src/test/test+0x5c318a)
#5 0x5563992fc40d (/home/travis/build/teor2345/tor/src/test/test+0x1ff40d)
#6 0x1456be049f44 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21f44)
#7 0x55639930061a (/home/travis/build/teor2345/tor/src/test/test+0x20361a)
0x556399c41968 is located 56 bytes to the left of global variable '*.LC663 (src/test/test_util.c)' (0x556399c419a0) of size 10
0x556399c41968 is located 0 bytes to the right of global variable '*.LC662 (src/test/test_util.c)' (0x556399c41960) of size 8
'*.LC662 (src/test/test_util.c)' is ascii string 'ascii
'
Shadow bytes around the buggy address:
0x0aacf33802d0: 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0aacf33802e0: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 06 f9
0x0aacf33802f0: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0aacf3380300: 00 00 07 f9 f9 f9 f9 f9 00 00 00 00 00 04 f9 f9
0x0aacf3380310: f9 f9 f9 f9 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9
=>0x0aacf3380320: 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9 00[f9]f9 f9
0x0aacf3380330: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 02 f9 f9 f9
0x0aacf3380340: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9
0x0aacf3380350: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9
0x0aacf3380360: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0aacf3380370: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==19689== ABORTING
}}}
https://travis-ci.org/teor2345/tor/jobs/421877257#L6314
{{{
perl ../scripts/maint/checkSpace.pl -C \
../src/lib/*/*.[ch] \
../src/core/*/*.[ch] \
../src/feature/*/*.[ch] \
../src/app/*/*.[ch] \
../src/test/*.[ch] \
../src/test/*/*.[ch] \
../src/tools/*.[ch]
make[2]: Entering directory '/c/projects/tor/i686-w64-mingw32'
...
tp fn():../src/lib/string/util_string.c:476
tp fn():../src/lib/string/util_string.c:482
bash.exe : make[1]: *** [Makefile:15841: check-spaces] Error 1
At line:2 char:5
+ & $commandPath $args 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (make[1]: *** [M...spaces] Error 1:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
make[1]: *** Waiting for unfinished jobs....
}}}
https://ci.appveyor.com/project/teor2345/tor/build/1.0.103/job/au99ya2f1vkqynas#L2466
We usually document each macro and function, describing what it does, the
arguments, and the return value.
If you could write a changes file, that would be great. Otherwise, someone
will do it eventually:
https://gitweb.torproject.org/tor.git/tree/doc/HACKING/CodingStandards.md#n95
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27373#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online