[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests

Subject: Re: [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 08 Dec 2015 12:30:14 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 Dec 2015 07:30:25 -0500
In-reply-to: <051.7462181568e4ddd0960beb77f132c811@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.7462181568e4ddd0960beb77f132c811@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17776: Buffer over-reads in directory and rendcache tests
-------------------------+----------------------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  needs_revision
 Priority:  Medium       |      Milestone:
Component:  Tor          |        Version:  Tor: unspecified
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+----------------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:1 cypherpunks]:
 > The attached patches fixes the issues mentioned in the ticket
 description. I hope the commit messages speak for themselves. Rewriting
 them into the ticket seemed redundant.

 Code Review: Patches 1 & 2

 I agree that these buffer overruns need to be fixed.

 But what I'd like to do is change the functions that overrun the buffers
 so they don't overrun buffers if a short string is passed to them. That
 way, we fix the problem at the source.

 I want to check that the fingerprint strings are:
 * not NULL, and
 * don't contain a NULL character in the first DIGEST_LEN bytes?
 before the functions read the strings?

 You can use code like:
 {{{
 tor_assert(fingerprint);
 tor_assert(memchr(fingerprint, 0, DIGEST_LEN) == NULL);
 }}}

 That would also require updating all the test data so it's really
 DIGEST_LEN characters long (and increasing the buffer lengths by 1 to
 accommodate the terminating nul byte).

 > Patch 0003 is not related to this ticket other than that i found it
 while working on this ticket. I can open a separate ticket for it if that
 is preferred.

 Separate commits is great (and sufficient).

 Code Review: Patch 3

 Patch 0003 removes an unnecessary cast, let's merge Patch 3 only.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17776#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15578 [Tor Browser]: Ubuntu 10.04 LTS is EOL April 2015
Next by Author: Re: [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests
Previous by thread: Re: [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests
Next by thread: Re: [tor-bugs] #17776 [Tor]: Buffer over-reads in directory and rendcache tests
Index(es):
- Author
- Thread