[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17852 [Tor]: Tor Daemon hardening: Fix complaints from FlawFinder.
#17852: Tor Daemon hardening: Fix complaints from FlawFinder.
----------------------+------------------------------------
Reporter: jsturgix | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.7
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+------------------------------------
Comment (by nickm):
Replying to [comment:5 jsturgix]:
> Sorry so much time has passed before attempting a revision....
>
> 86a5305d46175c5d0c67564d3ee4e86a27f0c460:
> . This commit changes several snprintf() to tor_snprintf(). Is the
comment about strlcat() only working if UNICODE not defined apply to a
specific change or all of them? I'm probably missing something obvious,
but where is the tie to strlcat()?
Whoops! That comment should have referred to
5995489b9b67c6f10e1a9eca19b2fc0f8379e4bf .
When you do
{{{
@@ -3487,8 +3487,10 @@ load_windows_system_library(const TCHAR
*library_name)
n = GetSystemDirectory(path, MAX_PATH);
if (n == 0 || n + _tcslen(library_name) + 2 >= MAX_PATH)
return 0;
- _tcscat(path, TEXT("\\"));
- _tcscat(path, library_name);
+ /* _tcscat:Does not check for buffer overflows when concatenating
+ * to destination. */
+ strlcat(path, TEXT("\\"), MAX_PATH);
+ strlcat(path, library_name, MATH_PATH);
return LoadLibrary(path);
}
}}}
On windows, when UNICODE is defined, TCHAR is a WCHAR, not a char.
We could either merge the rest of the branch, or wait for a fixup on that
issue. Thoughts?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17852#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs