[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()



#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
 Reporter:  nickm          |          Owner:  (none)
     Type:  defect         |         Status:  new
 Priority:  Low            |      Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |        Version:
 Severity:  Minor          |     Resolution:
 Keywords:  easy overflow  |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------
Changes (by teor):

 * milestone:  Tor: 0.4.2.x-final => Tor: 0.4.3.x-final


Comment:

 Replying to [comment:12 guigom]:
 > I haven't opened a PR yet but my branch for this ticket is in
 [https://github.com/JMGuisadoG/tor/tree/ticket30920]
 >
 > * Commit adding the u64_nowrap_mul & tests:
 >
 [https://github.com/JMGuisadoG/tor/commit/4dd5b593636a9f5944ca2069d1c22c2b4b03d335]
 >
 > * Commit adding the check for overflow inside mem_parse_units & enabling
 tests:
 >
 [https://github.com/JMGuisadoG/tor/commit/1ac4b346131fa0f49a5218553cd5d98affb82a76]

 Thanks!

 > Replying to [comment:11 teor]:
 > > Maybe we should fail on anything larger than SSIZE_T_MAX?
 > > (SSIZE_T_MAX is half the maximum possible memory size.)
 >
 > What the reason for checking half the maximum size?.

 In general, it helps us avoid underflows and other mistakes as well.

 In this case, there's just no reason to expect that values over 2^63^ are
 valid.

 > If that's a go and there's no problem with the code above I can change
 the if statement accordingly.

 Sure, feel free to put in a pull request, and someone will review it in
 the next week.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs