[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17739 [Tor]: Refactor clock skew warning code to avoid duplication



#17739: Refactor clock skew warning code to avoid duplication
---------------------------------------------+-----------------------------
 Reporter:  teor                             |          Owner:
     Type:  enhancement                      |         Status:
 Priority:  Medium                           |  needs_revision
Component:  Tor                              |      Milestone:  Tor:
 Severity:  Normal                           |  0.2.8.x-final
 Keywords:  easy refactor TorCoreTeam201512  |        Version:  Tor:
Parent ID:  #9675                            |  unspecified
  Sponsor:                                   |     Resolution:
                                             |  Actual Points:
                                             |         Points:
---------------------------------------------+-----------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 We're almost there!

 Looks great, except for this one bit:
 {{{
   if (conn)
     tor_asprintf(&source, "%s:%s:%d", source, conn->address, conn->port);
 }}}

 We can't guarantee that source will be large enough to hold the combined
 strings of source, conn->address, and conn->port. (And reading from a
 string to print into itself is risky, even if it works. It's much nicer to
 take read-only strings.)

 Please use a (stack allocated) buffer that's large enough to hold a
 reasonable-length source / address / port string:
 * all the existing sources are under 20 characters long,
 * a max-length IPv6 address, and max-length port are MAX_ADDRESS_LENGTH
 long.

 If you use tor_snprintf, it will make sure you don't go over the length of
 the buffer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17739#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs