[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline

Subject: Re: [tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 12 Feb 2016 10:00:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 12 Feb 2016 05:00:37 -0500
In-reply-to: <050.4069900508edd0a7a161f0438a4c88e9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <050.4069900508edd0a7a161f0438a4c88e9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17443: tor-gencert --passphrase-fd improperly checks for newline
------------------------+------------------------------------
 Reporter:  junglefowl  |          Owner:
     Type:  defect      |         Status:  needs_review
 Priority:  Medium      |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor         |        Version:  Tor: 0.2.7.4-rc
 Severity:  Normal      |     Resolution:
 Keywords:  crash       |  Actual Points:
Parent ID:              |         Points:
  Sponsor:              |
------------------------+------------------------------------

Comment (by cypherpunks):

 Replying to [comment:5 nickm]:
 > I've done a slightly different fix as branch bug17443 in my public
 repository at https://gitweb.torproject.org/nickm/tor.git/ .  Please
 review?
 >
 IMO it would be better, with regards to readability, if the passphrase
 length was explicitly set to zero if no newline was found and do the
 pointer subtraction otherwise. Furthermore, `buf` is still uninitialized.
 Please initialize it to prevent future problems.

 A minor nitpick is the typo in the commit message (//Hnadle// instead of
 //Handle//).

 What about the argument against limiting the passphrase as made in
 [comment:2 comment 2] or is that for another ticket?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17443#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17975 [Tor]: Introduce OutboundExitAddress to enable exit-only traffic to go via a different IP address
Next by Author: Re: [tor-bugs] #18305 [Tor]: Tor fails to start with setgid
Previous by thread: Re: [tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline
Next by thread: Re: [tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline
Index(es):
- Author
- Thread