
[tor-bugs] #30561 [Core Tor/Tor]: Fixed tor_vasprintf on systems without vasprintf.



#30561: Fixed tor_vasprintf on systems without vasprintf.
--------------------------+------------------------------
 Reporter:  paldium       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Low           |      Component:  Core Tor/Tor
  Version:  Tor: 0.4.0.5  |       Severity:  Minor
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------
 If tor is compiled on a system with neither vasprintf nor _vscprintf,
 the fallback implementation exposes a logic flaw which prevents
 proper usage of strings longer than 127 characters:

 * tor_vsnprintf returns -1 if the supplied buffer is not large enough,
   but tor_vasprintf uses this function to retrieve the required length
 * the result of tor_vsnprintf is not properly checked for negative
   return values

 Both aspects together could in theory lead to exposure of uninitialized
 stack memory in the resulting string. This requires an invalid format
 string or data that exceeds integer limitations.

 Fortunately tor is not even able to run with this implementation because
 it runs into asserts early on during startup. Also the unit tests fail
 during a "make check" run.

 At this point it would make sense to check if support for these systems is
 still a desired option. It seems that nobody noticed the lack of support
 for at least a year.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30561>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
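
The failure mode described in the ticket, as an added example (not Tor's code and not part of the original message): a wrapper that reports truncation as -1 cannot be used to measure a string, so the fallback has to treat -1 as failure and retry with a larger buffer. The names `strict_vsnprintf`, `probe_len` and `safe_asprintf` are hypothetical, and the 128-byte probe size and 1 MiB cap are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define PROBE_SIZE 128          /* assumed from the ticket's 127-character limit */
#define MAX_SIZE   (1u << 20)   /* assumed cap so a bad format cannot loop forever */

/* Hypothetical stand-in for the wrapper the ticket describes: truncation is
 * reported as -1, not as the required length that C99 vsnprintf returns. */
int strict_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    if (size == 0) return -1;
    int r = vsnprintf(buf, size, fmt, ap);
    buf[size - 1] = '\0';
    return (r < 0 || (size_t)r >= size) ? -1 : r;
}

/* What a "measure first" caller sees: -1 for anything over 127 characters.
 * Using that value as a length is the flaw; it must be treated as failure. */
int probe_len(const char *fmt, ...)
{
    char probe[PROBE_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int r = strict_vsnprintf(probe, sizeof(probe), fmt, ap);
    va_end(ap);
    return r;
}

/* Hardened fallback: retry with a doubled heap buffer until the output fits,
 * and return -1 with *strp == NULL on allocation failure or at the cap. */
int safe_asprintf(char **strp, const char *fmt, ...)
{
    *strp = NULL;
    for (size_t size = PROBE_SIZE; size <= MAX_SIZE; size *= 2) {
        char *buf = malloc(size);
        if (!buf) return -1;
        va_list ap;
        va_start(ap, fmt);   /* restart the argument list on every attempt */
        int r = strict_vsnprintf(buf, size, fmt, ap);
        va_end(ap);
        if (r >= 0) { *strp = buf; return r; }
        free(buf);
    }
    return -1;
}
```

Because the wrapper cannot distinguish truncation from an invalid format string, the size cap is what bounds the retry loop in the invalid-format case.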