[or-cvs] [tor/maint-0.2.2 1/3] Fix up size and sign issues in base32 code



Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 3 Jan 2011 16:16:53 -0500
Subject: Fix up size and sign issues in base32 code
Commit: 0222228d64bf29a3b9db5a80a557e20c3c360224

Fixes bug 2331.
---
 changes/bug2331     |    6 ++++++
 src/common/crypto.c |   10 ++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 changes/bug2331

diff --git a/changes/bug2331 b/changes/bug2331
new file mode 100644
index 0000000..df97ac2
--- /dev/null
+++ b/changes/bug2331
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - Add assertions to check for overflow in arguments to
+      base32_encode and base32_decode; fix a signed-unsigned
+      comparison there too.  These bugs are actually reachable in Tor,
+      but it's good to prevent future errors too.  Found by doorss.
+
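Review bot: The changelog sentence "These bugs are actually reachable in Tor, but it's good to prevent future errors too" reads as if a "not" is missing, because the "but" clause only follows if the bugs are unreachable. Please confirm the intended wording; as written, the entry tells readers the overflow can be triggered in Tor.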
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6516261..71cf6d4 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2412,9 +2412,10 @@ digest256_from_base64(char *digest, const char *d64)
 void
 base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
 {
-  unsigned int i, bit, v, u;
-  size_t nbits = srclen * 8;
+  unsigned int i, v, u;
+  size_t nbits = srclen * 8, bit;
 
+  tor_assert(srclen < SIZE_T_CEILING/8);
   tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
   tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
   tor_assert(destlen < SIZE_T_CEILING);
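Review bot: In base32_encode, nbits = srclen * 8 is still computed in the declaration, before the new tor_assert(srclen < SIZE_T_CEILING/8) runs. size_t arithmetic wraps without undefined behaviour, so the assertion still fires before nbits is used, but assigning nbits after the assertion would make the ordering obvious to later readers. Also, i stays unsigned int while bit becomes size_t; it is worth confirming that i is never compared against a size_t value in the loop body, which is outside this hunk. Minor style point: this assertion is written SIZE_T_CEILING/8 while the decode hunk writes SIZE_T_CEILING / 5.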
@@ -2438,11 +2439,12 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
 {
   /* XXXX we might want to rewrite this along the lines of base64_decode, if
    * it ever shows up in the profile. */
-  unsigned int i, j, bit;
-  size_t nbits;
+  unsigned int i, bit;
+  size_t nbits, j;
   char *tmp;
   nbits = srclen * 5;
 
+  tor_assert(srclen < SIZE_T_CEILING / 5);
   tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
   tor_assert((nbits/8) <= destlen); /* We need enough space. */
   tor_assert(destlen < SIZE_T_CEILING);
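Review bot: In base32_decode, bit stays unsigned int while nbits and j are size_t, whereas the encode hunk widens bit to size_t. If bit is compared against nbits in the loop outside this hunk, that is still a width mismatch on platforms where size_t is wider than unsigned int, and the new srclen < SIZE_T_CEILING / 5 bound is expressed in size_t terms, so it does not by itself keep nbits within unsigned int range. Suggest declaring "size_t nbits, j, bit;" here as well, or adding a comment explaining why bit can stay narrow. As in the encode hunk, nbits = srclen * 5 is assigned before the assertion that guards it; moving the assignment below the assertion would read more clearly.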
-- 
1.7.1