[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17868 [Core Tor/Tor]: base64_decode_nopad() destination buffer length problem

Subject: Re: [tor-bugs] #17868 [Core Tor/Tor]: base64_decode_nopad() destination buffer length problem
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 26 May 2016 18:15:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 May 2016 14:15:59 -0400
In-reply-to: <047.0b045cf09e43c62de7cc2c535d9bf9f4@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.0b045cf09e43c62de7cc2c535d9bf9f4@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17868: base64_decode_nopad() destination buffer length problem
--------------------------+------------------------------------
 Reporter:  dgoulet       |          Owner:  nikkolasg
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:  #16943        |         Points:  0.1
 Reviewer:  dgoulet       |        Sponsor:  SponsorR-can
--------------------------+------------------------------------
Changes (by dgoulet):

 * keywords:  review-group-2 =>
 * status:  needs_review => needs_revision


Comment:

 First of all, thanks for this!

 Could you explain how this patch is fixing the issue? Basically, for the
 commit message.

 Some review comments:

 * Rename `base64_decode_internal` to something like `base64_decode_impl(`
 and make it static so it's not accessible by anyone outside of
 util_format.c

 * In the test, `uint8_t *dst2 = tor_malloc_zero(40);` could probably be
 changed to `uint8_t dst2[40];` and then pass `sizeof(dst2)` instead of 40.

 * In the test, I would put this string in a const char above
 `"Hi,thisisatestforbase64decodenopadfuncti"` like `char *decoded_src2` and
 use it in the mem test with strlen(). It just makes things so much easier
 if we ever need to modify this part.

 * Please align the arguments of `base64_decode_internal()` like
 `base64_decode_nopad` does it.

 * I think the following checks could be done at the beginning of the
 function just before the malloc because now they leak `buf` memory on
 error:

 {{{
   if (destlen < (srclen*3)/4)
     return -1;

   if (destlen > SIZE_T_CEILING)
     return -1;
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17868#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17298 [Internal Services/Tor Sysadmin Team]: IPv6 on cappadocicum
Next by Author: Re: [tor-bugs] #19045 [Core Tor/Tor]: Keep trying to form a new shared random value during the next commit phase
Previous by thread: Re: [tor-bugs] #17868 [Core Tor/Tor]: base64_decode_nopad() destination buffer length problem
Next by thread: Re: [tor-bugs] #17868 [Core Tor/Tor]: base64_decode_nopad() destination buffer length problem
Index(es):
- Author
- Thread