[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #14013 [Core Tor/Tor]: base16_decode() API is inconsistent and error-prone
#14013: base16_decode() API is inconsistent and error-prone
-----------------------------------+------------------------------------
Reporter: nickm | Owner: nikkolasg
Type: defect | Status: needs_revision
Priority: High | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: lorax, review-group-2 | Actual Points:
Parent ID: | Points: 1
Reviewer: dgoulet | Sponsor: SponsorS-can
-----------------------------------+------------------------------------
Comment (by nikkolasg):
Hi, finally found the time to finalize it. Here's some comments:
* In routerset.c:107, a call to base16_decode is un-checked; while it may
not be important, I prefer still to announce it so it may be looked over
by a Tor dev at some point later ...
* In control.c:1214, there's inconsistency between the size of the buffer
and the return value. The size of the dest buffer is 64 but
`base16_decode` returns `S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN`. In fact
even the comments of the function say the hashed passwords should be of
length `S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN`. It would be a good
practice to unify both values. I did not do it here as it does not make
much sense here I think.
* I allowed myself to change some other files to make the `make check-
spaces` happy, I hope it's ok ;)
Otherwise the rest is ok :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14013#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs