[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening: Fix complaints from FlawFinder.



#17852: Tor Daemon hardening: Fix complaints from FlawFinder.
----------------------+------------------------------------
 Reporter:  jsturgix  |          Owner:
     Type:  defect    |         Status:  needs_review
 Priority:  Medium    |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor       |        Version:  Tor: 0.2.7
 Severity:  Normal    |     Resolution:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
  Sponsor:            |
----------------------+------------------------------------

Comment (by nickm):

 Replying to [comment:5 jsturgix]:
 > Sorry so much time has passed before attempting a revision....
 >
 > 86a5305d46175c5d0c67564d3ee4e86a27f0c460:
 > . This commit changes several snprintf() to tor_snprintf().  Is the
 comment about strlcat() only working if UNICODE not defined apply to a
 specific change or all of them?  I'm probably missing something obvious,
 but where is the tie to strlcat()?

 Whoops!  That comment should have referred to
 5995489b9b67c6f10e1a9eca19b2fc0f8379e4bf .

 When you do
 {{{
 @@ -3487,8 +3487,10 @@ load_windows_system_library(const TCHAR
 *library_name)
    n = GetSystemDirectory(path, MAX_PATH);
    if (n == 0 || n + _tcslen(library_name) + 2 >= MAX_PATH)
      return 0;
 -  _tcscat(path, TEXT("\\"));
 -  _tcscat(path, library_name);
 +  /* _tcscat:Does not check for buffer overflows when concatenating
 +   * to destination. */
 +  strlcat(path, TEXT("\\"), MAX_PATH);
 +  strlcat(path, library_name, MATH_PATH);
    return LoadLibrary(path);
  }
 }}}

 On windows, when UNICODE is defined, TCHAR is a WCHAR, not a char.

 We could either merge the rest of the branch, or wait for a fixup on that
 issue.  Thoughts?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17852#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs