[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening

Subject: Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 15 Dec 2015 16:51:24 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 Dec 2015 11:51:44 -0500
In-reply-to: <048.ad6b8af43ce9f1d4a30ccc84e7163121@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.ad6b8af43ce9f1d4a30ccc84e7163121@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17852: Tor Daemon hardening
----------------------+------------------------------------
 Reporter:  jsturgix  |          Owner:
     Type:  defect    |         Status:  needs_revision
 Priority:  Medium    |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor       |        Version:  Tor: 0.2.7
 Severity:  Normal    |     Resolution:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
  Sponsor:            |
----------------------+------------------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 86a5305d46175c5d0c67564d3ee4e86a27f0c460:
   * strlcat only works here if UNICODE is not defined.  Otherwise this
 breaks UNICODE builds, I think.

 191b8d8b7885609006062da7d7ef8bef7a4161a8:
   * realpath replaces .. and . and resolves symlinks.  Will this new
 behavior hurt anything?
   * The return value from realpath() is allocated with malloc().  This
 means that if tor_malloc is *not* just based on malloc, we will later fail
 when we tor_free on the pointer.
   * ... ah, never mind, you reverted it. :)

 28241bd4b47bdf4616a237f1bf28c9d65c9373af:
   * This seems to break the semantics for CPD_CHECK; see the documentation
 at the head of the function.

 Otherwise this stuff looks fine!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17852#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17852 [Tor]: Tor Daemon hardening
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16344 [Service - lists]: Anomalous tor-reports@ subscription requests
Next by Author: Re: [tor-bugs] #17827 [Tor]: Different return type of backtrace function on FreeBSD
Previous by thread: Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening
Next by thread: Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening: Fix complaints from FlawFinder. (was: Tor Daemon hardening)
Index(es):
- Author
- Thread