[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline



#17443: tor-gencert --passphrase-fd improperly checks for newline
------------------------+------------------------------------
 Reporter:  junglefowl  |          Owner:
     Type:  defect      |         Status:  needs_review
 Priority:  Medium      |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor         |        Version:  Tor: 0.2.7.4-rc
 Severity:  Normal      |     Resolution:
 Keywords:  crash       |  Actual Points:
Parent ID:              |         Points:
  Sponsor:              |
------------------------+------------------------------------

Comment (by cypherpunks):

 Replying to [comment:5 nickm]:
 > I've done a slightly different fix as branch bug17443 in my public
 repository at https://gitweb.torproject.org/nickm/tor.git/ .  Please
 review?
 >
 IMO it would be better, with regards to readability, if the passphrase
 length was explicitly set to zero if no newline was found and do the
 pointer subtraction otherwise. Furthermore, `buf` is still uninitialized.
 Please initialize it to prevent future problems.

 A minor nitpick is the typo in the commit message (//Hnadle// instead of
 //Handle//).

 What about the argument against limiting the passphrase as made in
 [comment:2 comment 2] or is that for another ticket?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17443#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs