[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #2317 [Tor Client]: Missing sanity checks for cbtnummodes consensus parameter
#2317: Missing sanity checks for cbtnummodes consensus parameter
------------------------+---------------------------------------------------
Reporter: Sebastian | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
------------------------+---------------------------------------------------
Changes (by nickm):
* priority: normal => major
* milestone: => Tor: 0.2.1.x-final
Old description:
> <doors> wtf. devs inserted trapdoors!?
> "tor_malloc_zero(num_modes*sizeof(build_time_t))" how much? anything
> else?
>
> I think what doors was referring to is that we don't do any sanity checks
> on the value of the consensus parameter, so we can either request
> ridiculous amounts of memory or worse request 0 modes. Since doors
> immediately left irc I had no time to confirm if there was more.
New description:
[]<doors> wtf. devs inserted trapdoors!?
"tor_malloc_zero(num_modes*sizeof(build_time_t))" how much? anything else?
I think what doors was referring to is that we don't do any sanity checks
on the value of the consensus parameter, so we can either request
ridiculous amounts of memory or worse request 0 modes. Since doors
immediately left irc I had no time to confirm if there was more.
--
Comment:
Okay, let me know if the patch isn't going to be timely and I'll work on
one.
Re doors: If he tells us about bugs, we can fix them. If he tells us
we're three-year-olds, there isn't much we can do about that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2317#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs