[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10362 [Pluggable transport]: Deploy FTE as a pluggable transport in PTTBBs
#10362: Deploy FTE as a pluggable transport in PTTBBs
-------------------------------------+-----------------
Reporter: asn | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------------+-----------------
Comment (by asn):
We did a preliminary code review with Nick and Yawning. Here are some
comments:
- The max_len check in encoder.py:decode() is a bit weird. IIUC it's the
only check that controls the size of the input string, and the
max_len check does:
{{{
insufficient = (len(covertext) < self._max_len)
if insufficient:
raise DecodeFailureError(
"Covertext is shorter than self._max_len, can't decode.")
}}}
This confuses me, because I'm used to checks that abort if
the input string is '''larger''' than the maximum length, whereas your
check aborts if the input string is smaller than the maximum
length. Why is that?
- rank_unrank.cc:DFA::rank() is a bit sketchy. It's not entirely
obvious to me why the _T array has enough space to accomodate any
value of 'n' (which is the size of the input string). I don't really
understand _buildTable() which builds the _T array, and it's also
undocumented (what is _T even?).
This, combined with the previous comment might get ugly. But I might be
misreading the code.
- Yawning notes that 'std::string attFstFromRegex' is not exception safe.
- Nick notes that it might be better if we blindly replaced all operator[]
uses
with .at()s, which do bound checking. If at() is too slow for us,
parts of the code that are on the critical path should get analyzed
and optimized accordingly.
Parts of the code that can't use at() (if any) should use asserts to
make
sure that no out-of-bound read/write ever happens.
- It seems to me that some of the TODOs left on the rank_unrank.cc
file might be security related.
BTW, I mainly looked at the rank() function since IIUC it's the one that
receives network data. What other functions should we pay attention
to?
Also note that our review was mainly looking for security issues. We
didn't look for correctness.
We will come back with more comments!
Thanks!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10362#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs