[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30480 [Applications/rbm]: rbm should check that a signed tag object contains the expected tag name
#30480: rbm should check that a signed tag object contains the expected tag name
----------------------------------+--------------------------------
Reporter: boklm | Owner: boklm
Type: task | Status: needs_revision
Priority: Medium | Milestone:
Component: Applications/rbm | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201905 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------+--------------------------------
Changes (by gk):
* status: needs_review => needs_revision
* keywords: TorBrowserTeam201905R => TorBrowserTeam201905
Comment:
I guess
{{{
+ return $1 if $l =~ m/^tag (.*)$/;
}}}
is assuming that the first such line showing up is the one we want and an
attacker can't get to enter fake tag lines (like they can do with a commit
message) before that? If so, could we add a comment here?
s/helping fix/helping to fix/
Otherwise this looks good to me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30480#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs