[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong

To: undisclosed-recipients:;
Subject: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 03 Jul 2013 15:55:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 03 Jul 2013 11:55:49 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9200: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
----------------------+-----------------------------------------------------
 Reporter:  nickm     |          Owner:                    
     Type:  defect    |         Status:  new               
 Priority:  major     |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor       |        Version:                    
 Keywords:  tor-auth  |         Parent:                    
   Points:            |   Actualpoints:                    
----------------------+-----------------------------------------------------
 When we look to see whether the Named flag is set on a vote, we do:
 {{{
    rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx])
 }}}
 without checking whether named_flag[v_sl_idx] is >= 0.  This can invoke
 undefined behavior!

 Now, in practice, on x86 chips with gcc or clang, assuming no excessive
 compiler cleverness, this is probably just going to result in a check of
 bit 63, which won't be in use unless the directory authority has listed 63
 flag.  So it won't break the voting algorithm so long as all directories
 are honest.

 But all-honest directories is ''not'' our assumption, so this should get
 fixed in the next release.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9200>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #9199 [BridgeDB]: Rethink the logging of BridgeDB
Next by Author: Re: [tor-bugs] #9156 [BridgeDB]: BridgeDB: Users try to add obfsbridges to their normal TBB
Previous by thread: Re: [tor-bugs] #9199 [BridgeDB]: Rethink the logging of BridgeDB
Next by thread: Re: [tor-bugs] #9200 [Tor]: named_flag[v_sl_idx] check when computing chosen_name in dirvote.c is wrong
Index(es):
- Author
- Thread