Re: [tor-bugs] #21278 [Core Tor/Tor]: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)



#21278: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)
--------------------------+------------------------------------
 Reporter:  nickm         |          Owner:  nickm
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  029-backport  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 Replying to [comment:3 nickm]:
 > My branch `bug21278_024_v2` tries to fix this

 I pushed a `bug21278_024_v3` branch that has an extra commit to better
 document the new function.

 That said, I think your commits 2c768c2c0 and 54e2e027 are only for dir
 auths, right? So there isn't any point in backporting them earlier than
 0.2.9?

 Speaking of which, for 4e720ad7 which looks like the main fix here, the
 changelog stanza says {{{This bug is harmless, except when Tor has been
 build with --enable-expensive-hardening, which would turn it into a
 crash.}}} Am I remembering correctly that only recent Tor branches have
 put expensive-hardening on by default? That is, the earlier fix for this
 TROVE (i.e. disabling ftrapv) only went into 0.2.9.x and 0.3.0.x? Why
 backport a fix for a harmless bug so far back? :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21278#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online