[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #19561 [Core Tor/Tor]: Misleading prop250 log messages

#19561: Misleading prop250 log messages
-------------------------------+--------------------------------
     Reporter:  asn            |      Owner:
         Type:  defect         |     Status:  new
     Priority:  Medium         |  Milestone:  Tor: 0.2.9.x-final
    Component:  Core Tor/Tor   |    Version:
     Severity:  Normal         |   Keywords:  tor-prop250
Actual Points:                 |  Parent ID:
       Points:  0.3            |   Reviewer:
      Sponsor:  SponsorR-must  |
-------------------------------+--------------------------------
 There are various instances where we combine `sr_commit_get_rsa_fpr()`
 with `hex_str()` in log messages. This won't work because
 `sr_commit_get_rsa_fpr()` actually calls `hex_str()` underneath, and you
 can't have repeated calls to `hex_str()` because it uses a stack buffer.

 Examples:

 {{{
   log_debug(LD_DIR, "SR: Inspecting commit from %s (voter: %s)?",
             sr_commit_get_rsa_fpr(commit),
             hex_str(voter_key, DIGEST_LEN));
 }}}
 {{{
     if (!commitments_are_the_same(commit, saved_commit)) {
       log_warn(LD_DIR, "SR: Commit from authority %s is different from "
                        "previous commit in our state (voter: %s)",
                sr_commit_get_rsa_fpr(commit),
                hex_str(voter_key, DIGEST_LEN));
       goto ignore;
     }
 }}}

 {{{
     if (verify_commit_and_reveal(commit) < 0) {
       log_warn(LD_BUG, "SR:a Commit from authority %s has an invalid "
                        "reveal value. (voter: %s)",
                sr_commit_get_rsa_fpr(commit),
                hex_str(voter_key, DIGEST_LEN));
       goto ignore;
     }
 }}}

 I found this issue while auditing log messages that did not make sense in
 a Chutney network.

 In general, it's naughty to hide a delicate function like `hex_str()`
 behind other functions (like `sr_commit_get_rsa_fpr()`) without making it
 clear that this is the case.

 Fortunately, from what I see, this bug only occurs in logging cases. But
 we should make sure we don't have this sort of issue from now on.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19561>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs