[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl

Subject: Re: [tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 16 Jun 2017 22:22:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 16 Jun 2017 18:23:10 -0400
In-reply-to: <044.105f2fc6ba7df22fcba2926755858320@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.105f2fc6ba7df22fcba2926755858320@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22626: Missing stream NULL check in tor_compress_impl
---------------------------+------------------------------------
 Reporter:  teor           |          Owner:  ahf
     Type:  defect         |         Status:  assigned
 Priority:  Medium         |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor   |        Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal         |     Resolution:
 Keywords:  memory-safety  |  Actual Points:
Parent ID:  #22502         |         Points:  1
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------

Comment (by teor):

 I wonder if it would be best to tor_assert() on UNKNOWN_METHOD, or BUG(),
 and then return a non-NULL state. An edge case where we don't check state
 correctly before calling could easily turn into a DoS bug.
 {{{
     case UNKNOWN_METHOD:
       goto err;
   }

   atomic_counter_add(&total_compress_allocation,
                      sizeof(tor_compress_state_t));
   return state;

  err:
   tor_free(state);
   return NULL;
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22626#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #22681 [Metrics/Onionoo]: adapt onionoo to use metrics-lib 1.9.0
Next by Author: Re: [tor-bugs] #22653 [Core Tor/Tor]: upgrading Tor-0.2.9.10 to Tor-0.3.0.8 fails to build circuits
Previous by thread: Re: [tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl
Next by thread: Re: [tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl
Index(es):
- Author
- Thread