[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 18 Sep 2019 10:15:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Sep 2019 06:15:40 -0400
In-reply-to: <045.c110bcb7dfb549d9988badaf01bc79d3@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.c110bcb7dfb549d9988badaf01bc79d3@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
 Reporter:  nickm          |          Owner:  (none)
     Type:  defect         |         Status:  new
 Priority:  Low            |      Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor   |        Version:
 Severity:  Minor          |     Resolution:
 Keywords:  easy overflow  |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------

Comment (by guigom):

 First of all, sorry for the late reply

 Replying to [comment:9 nickm]:
 > >  Is this the expected behavior, or should it fallback to UINT64_MAX?
 >
 > I think that's a better behavior for config_parse_memunit().  In the
 case of config_parse_memunit(), it's better that the user be told about
 the problem than to have us silently ignore their request.

 Understood, in that case is it ok to detect overflow inside
 config_parse_memunit() by check if nowrap_multiplication yielded
 UINTMAX_64? It seems quite strange in my opinion to specify such value
 explicitly.

 In addition to that I'm not sure if float multiplication should be handled
 as well or this ticket should just focus on unsigned integer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #30534 [Applications/TorBirdy]: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the Add-on Manager
Next by Author: Re: [tor-bugs] #31549 [Core Tor/Tor]: Authorities should stop listing relays running pre-0.2.9, or running 0.3.0 through 0.3.4
Previous by thread: Re: [tor-bugs] #31776 [Applications/Tor Browser]: Expose security settings better to mobile users
Next by thread: Re: [tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()
Index(es):
- Author
- Thread