[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.

Subject: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 09 Mar 2015 18:46:55 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Mar 2015 14:47:02 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15205: There's something fishy in OSX's checked strlcat.
--------------------+------------------------------------
 Reporter:  nickm   |          Owner:
     Type:  defect  |         Status:  new
 Priority:  major   |      Milestone:  Tor: 0.2.6.x-final
Component:  Tor     |        Version:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+------------------------------------
 Have a look at
 https://opensource.apple.com/source/Libc/Libc-1044.1.2/secure/strlcat_chk.c
 .

 When it checks to see whether the destination buffer overlaps with the
 input buffer in the second case, it isn't checking whether the input
 overlaps with the actual buffer that *will* be written; it's checking
 whether the input overlaps with the destination buffer, ''plus the extra
 space after the end of the destination buffer that would be written if
 there were enough room for the whole input.''

 I believe the second overlap check should be something more like:
 {{{
     __chk_overlap(dest, len, src, len - initial_dstlen - 1);
 }}}

 To do:
    * Check whether any of the BSDs have this problem.
    * Check whether older OSXs have this problem.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15205>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13053 [Quality Assurance and Testing]: Write regression tests for new NoScript options
Next by Author: Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
Previous by thread: [tor-bugs] #15204 [Tor Weather]: We could not locate a Tor node with that fingerprint.
Next by thread: Re: [tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
Index(es):
- Author
- Thread