[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #30561 [Core Tor/Tor]: Fixed tor_vasprintf on systems without vasprintf.
#30561: Fixed tor_vasprintf on systems without vasprintf.
--------------------------+------------------------------
Reporter: paldium | Owner: (none)
Type: defect | Status: new
Priority: Low | Component: Core Tor/Tor
Version: Tor: 0.4.0.5 | Severity: Minor
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
If tor is compiled on a system with neither vasprintf nor _vscprintf,
the fallback implementation exposes a logic flaw which prevents
proper usage of strings longer than 127 characters:
* tor_vsnprintf returns -1 if supplied buffer is not large enough,
but tor_vasprintf uses this function to retrieve required length
* the result of tor_vsnprintf is not properly checked for negative
return values
Both aspects together could in theory lead to exposure of uninitialized
stack memory in the resulting string. This requires an invalid format
string or data that exceeds integer limitations.
Fortunately tor is not even able to run with this implementation because
it runs into asserts early on during startup. Also the unit tests fail
during a "make check" run.
At this point it would make sense to check if support for these systems is
still a desired option. It seems that nobody noticed lack of support for
at least a year.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30561>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs