[tor-bugs] #7191 [Tor]: smartlist_bsearch_idx() is broken for short lists
#7191: smartlist_bsearch_idx() is broken for short lists
--------------------+-------------------------------------------------------
Reporter: andrea | Owner: andrea
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version: Tor: 0.2.4.3-alpha
Keywords: | Parent:
Points: | Actualpoints:
--------------------+-------------------------------------------------------
Per asn:
---begin quote---
Hi Andrea,
this is a possible bug I was discussing with Nick. He is pretty busy these
days, so a third set of eyes could be useful:
<asn> hi
<asn> fwiw smartlist_bsearch_idx() seems a bit sloppy
<asn> it doesn't handle the case where the sl is empty (smartlist_len(sl)
- 1, underflows)
<asn> and if sl has one element, there is still the danger of underflowing
'hi = mid-1;'.
<asn> from what I see, the function is only used with smartlist carrying
the whole routerlist, so it's "safe" till tor has only one relay.
<nickm> ...at which point we've got other problems, yeah.
<nickm> still a good idea to fix it
<nickm> hang on
<nickm> it's used in smartlist_bsearch, which is used in other places too
<asn> i think smartlist_bsearch() is also only used with the whole
routerlist.
<nickm> you mean networkstatus
<nickm> the routerlist is the list of routerinfo_t we know
<nickm> there are enough places where it's used that I think we should
have more eyes looking at it before we accidentally 0day ourselves. I'll
look through the code by thursday; you can also ask athena on
#tor-internal if you like
<asn> btw, the interface of smartlist_bsearch_idx() doesn't allow
particularly elegant error handling :(
--- end quote ---
This function is broken for lists of length zero or one and doesn't check
the pointer arguments for nullness properly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7191>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
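
The failure mode discussed in this ticket (computing `len - 1` on an empty list and `mid - 1` on a short one) goes away when the search runs over a half-open range. The following is an added example, not Tor's code or the fix applied for this ticket; `ptr_list_t`, `bsearch_idx_safe` and `cmp_int` are hypothetical names, and the sample data is constructed.

```c
#include <stddef.h>

/* Hypothetical stand-in for a pointer list; not Tor's smartlist_t. */
typedef struct { void **list; size_t len; } ptr_list_t;
typedef int (*cmp_fn)(const void *key, const void *member);

/* Search a sorted list. Returns 0 on success, -1 on bad arguments.
 * On success *idx_out is the index of the match (*found_out == 1) or the
 * insertion point that keeps the list sorted (*found_out == 0). */
int
bsearch_idx_safe(const ptr_list_t *sl, const void *key, cmp_fn compare,
                 size_t *idx_out, int *found_out)
{
  size_t lo = 0, hi;
  if (!sl || !compare || !idx_out || !found_out || (sl->len && !sl->list))
    return -1;
  hi = sl->len;                       /* half-open [lo, hi): no "len - 1" */
  *found_out = 0;
  while (lo < hi) {                   /* empty list: body never runs */
    size_t mid = lo + (hi - lo) / 2;  /* cannot overflow */
    int c = compare(key, sl->list[mid]);
    if (c == 0) {
      *found_out = 1;
      *idx_out = mid;
      return 0;
    }
    if (c > 0)
      lo = mid + 1;                   /* mid < hi, so lo stays <= hi */
    else
      hi = mid;                       /* no "mid - 1", nothing to underflow */
  }
  *idx_out = lo;
  return 0;
}

/* Comparator for the constructed sample data: members point to ints. */
int
cmp_int(const void *key, const void *member)
{
  int a = *(const int *)key, b = *(const int *)member;
  return (a > b) - (a < b);
}

int main(void)
{
  int key = 5;                        /* constructed sample input */
  size_t idx; int found;
  ptr_list_t empty = { NULL, 0 };
  return bsearch_idx_safe(&empty, &key, cmp_int, &idx, &found);
}
```

Reporting errors through the return value and the index through an out-parameter keeps "not found at position 0" distinct from "invalid arguments", which an interface returning only an `int` index cannot express.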