[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5647 [Tor Hidden Services]: rend_parse_client_keys() prints stack in logs if base64_decode fails

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5647 [Tor Hidden Services]: rend_parse_client_keys() prints stack in logs if base64_decode fails
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 19 Apr 2012 15:58:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Apr 2012 11:58:23 -0400
In-reply-to: <043.7810450a5007f0ef6f1298a113c91e55@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.7810450a5007f0ef6f1298a113c91e55@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5647: rend_parse_client_keys() prints stack in logs if base64_decode fails
---------------------------------+------------------------------------------
 Reporter:  asn                  |          Owner:                    
     Type:  defect               |         Status:  needs_review      
 Priority:  normal               |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Hidden Services  |        Version:                    
 Keywords:                       |         Parent:                    
   Points:                       |   Actualpoints:                    
---------------------------------+------------------------------------------

Comment(by asn):

 Your fix looks good.

 Kinda lame that gcc and coverity didn't detect this one as use of
 uninitialized variable. Maybe we should send them an email?

 Also, should `srclen` in `base64_decode` be
 `REND_DESC_COOKIE_LEN_BASE64+2+1` or `REND_DESC_COOKIE_LEN_BASE64+2` to
 match with:
 {{{
  if (strlen(tok->args[0]) != REND_DESC_COOKIE_LEN_BASE64 + 2) {
 }}}
 ?

 It seems to me that if the base64 blob doesn't contain padding characters,
 `base64_decode` will also read the NUL (because of the `+1`) and fail. In
 other cases of `base64_decode()` we are feeding the output of `strlen()`
 as the `srclen`, which does not consider the NUL.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5647#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5647 [Tor Hidden Services]: rend_parse_client_keys() prints stack in logs if base64_decode fails
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5644 [Tor Client]: rend_service_introduce() asserts circuit->rend_data before checking for proto violation
Next by Author: [tor-bugs] #5650 [- Select a component]: Tor hogging CPU
Previous by thread: Re: [tor-bugs] #5647 [Tor Hidden Services]: rend_parse_client_keys() prints stack in logs if base64_decode fails
Next by thread: Re: [tor-bugs] #5647 [Tor Hidden Services]: rend_parse_client_keys() prints stack in logs if base64_decode fails
Index(es):
- Author
- Thread