[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)

To: undisclosed-recipients: ;
Subject: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 25 Oct 2018 13:03:01 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 25 Oct 2018 09:03:10 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28202: Bad end-of-string check in get_next_token (CID various)
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:  (none)
         Type:  defect   |     Status:  new
     Priority:  Medium   |  Milestone:  Tor: 0.3.5.x-final
    Component:  Core     |    Version:
  Tor/Tor                |   Keywords:  029-backport 033-backport
     Severity:  Normal   |  034-backport
Actual Points:           |  Parent ID:
       Points:           |   Reviewer:
      Sponsor:           |
-------------------------+-------------------------------------------------
 There's a coverity warning about an overflow in test_parsecommmon.  I
 think it is happening because of this code:
 {{{
  *s + 16 >= eol
 }}}

 That's the wrong way to test for end-of-string, since C says that *s+16 is
 undefined behavior if the resulting pointer would be more than 1 off the
 end of the allocated byte array.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28202>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #28107 [Applications/Tor Browser]: Tor Browser 8.0 turns off VP9 videos when detects low fps
Next by Author: Re: [tor-bugs] #26787 [Core Tor/Tor]: Core file left on travis hardened rust builld
Previous by thread: Re: [tor-bugs] #28201 [Applications/Tor Browser]: about:support shows "Firefox" (was: about:support shows Firefox)
Next by thread: Re: [tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
Index(es):
- Author
- Thread