Re: [tor-bugs] #14013 [Core Tor/Tor]: base16_decode() API is inconsistent and error-prone

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#14013: base16_decode() API is inconsistent and error-prone
-----------------------------------+------------------------------------
 Reporter:  nickm                  |          Owner:  nikkolasg
     Type:  defect                 |         Status:  needs_revision
 Priority:  High                   |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor           |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  lorax, review-group-3  |  Actual Points:
Parent ID:                         |         Points:  1
 Reviewer:  dgoulet                |        Sponsor:  SponsorS-can
-----------------------------------+------------------------------------
Changes (by nickm):

 * status:  merge_ready => needs_revision


Comment:

 requested changes:
   * require that destlen be less than SSIZE_MAX. Otherwise the cast in
 base16_decode isn't safe.
   * document what happens if destlen is greater than or less than
 srclen/2.
   *

 {{{
 +      ok = base16_decode(id, DIGEST_LEN, cp+strlen("id="),
 +                         strlen(cp)-strlen("id=")) != DIGEST_LEN ? 0 : 1;
 }}}

 would make more sense as `ok = (base16_decode(...) == DIGEST_LEN)`

   * Why is the comparison in decode_hashed_passwords < rather than != ?

 To consider:
   * Should we make all of these functions clear the unused portion of the
 output buffer?
   * Is it possible that we missed any instances of base16_decode() ?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14013#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs