Re: [tor-bugs] #10363 [Tor]: Avoid additional pointer overflow in channeltls.c:channel_tls_process_certs_cells
#10363: Avoid additional pointer overflow in
channeltls.c:channel_tls_process_certs_cells
-------------------------+-------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: 024-backport, 023-backport, tor-
Actual Points: | relay, 025-triaged
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by andrea):
Begin code review:
* e8b7224d88c8bf96ef58de444315304edefe66e1 looks fine to me
* 47d604fa8ffe5a62c78f766d95045c4eb224889a looks fine to me
* In 66931507cf8f5e782469c90d0db2858d9af58c14, is the 'if (cp >= end)'
  test on line 853 also possibly an issue? It's the only remaining use of
  'end' after the current patch I believe.
* 83763622c589af82db3cc67d08097f60ac98c8a3 yeah, I like this better than
  the one after 47d604fa8ffe5a62c78f766d95045c4eb224889a
* a201f44f8d46246ed89f3b303ca2bb2e044f74d8 looks okay
* e40a8796990b5f01c0504c3bb0e1d702eb68f9f1 seems much less icky than the
  old one, at least going by the amounts of time it took my presently rather
  frayed-at-the-edges brain to conclude that both have the same behavior and
  do not attempt to read past the end of the array if cell->payload_len is
  odd.
* 99cda334a910f8e24c7e0da58a522dae103f9163 looks fine to me
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10363#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
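
The review above turns on two bounds-checking questions: whether tests against an `end` pointer are safe, and whether a loop over 2-byte entries stays inside the array when `cell->payload_len` is odd. As an added example (not part of the original message and not Tor's code), the C below writes both checks against the number of bytes remaining; the record layout and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record layout, for illustration only (not taken from the
 * Tor source): [type:1][len:2, big-endian][body:len], repeated. */

/* Count well-formed records in buf[0..buf_len). Returns -1 on truncation.
 * Every check compares a length with the bytes remaining, so no pointer
 * beyond the buffer is ever formed and a test such as `cp + len > end`
 * (which can overflow the pointer) is never needed. */
int count_records(const uint8_t *buf, size_t buf_len)
{
  size_t off = 0;
  int n = 0;
  while (off < buf_len) {
    size_t remaining = buf_len - off;   /* off < buf_len, cannot underflow */
    size_t body_len;
    if (remaining < 3)
      return -1;                        /* truncated header */
    body_len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
    if (body_len > remaining - 3)
      return -1;                        /* body would run past the end */
    off += 3 + body_len;                /* off <= buf_len still holds */
    ++n;
  }
  return n;
}

/* Sum the 16-bit big-endian entries in a payload. With an odd payload_len
 * the trailing byte is skipped rather than read as half of a pair. */
uint32_t sum_u16_entries(const uint8_t *payload, size_t payload_len)
{
  uint32_t sum = 0;
  size_t i;
  /* i never exceeds payload_len, so payload_len - i cannot underflow */
  for (i = 0; payload_len - i >= 2; i += 2)
    sum += ((uint32_t)payload[i] << 8) | payload[i + 1];
  return sum;
}
```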