[tor-bugs] #13085 [Tor]: [patch] tor control connection event mask (32 bits) is too small for events (33 events)
#13085: [patch] tor control connection event mask (32 bits) is too small for events
(33 events)
-----------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.5.5-alpha
Keywords: tor-relay | Actual Points:
Parent ID: | Points:
-----------------------+------------------------------------
In the tor git sources in early September 2014, the tor control connection
event mask (or.h 1740):

    struct control_connection_t { ... uint32_t event_mask; ... }

is too small to contain all of the 33 listed events (control.h 158):

    #define EVENT_MAX_ 0x0021

This makes the following code undefined for events 32 & 33 (control.c
585):

    if (control_conn->event_mask & (1<<event)) {

The attached patch addresses this issue by making event_mask uint64_t, and
casting to uint64_t before the left shift. It also updates the comment to
note the upper bound of ((uint64_t)1)<<63.

As far as I can tell, the impact of this issue was to ignore or confuse
with other event types:

    #define EVENT_TRANSPORT_LAUNCHED 0x0020
    #define EVENT_HS_DESC 0x0021

FYI - this error was discovered using a tor built with:

    clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv

Version: tor 0.2.6.?-alpha git 54348201f7cce9c0c01e9d4835714a2fec55c67c
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13085>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
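
Added example, not part of the ticket or of tor's source: a small C model of the mask check described above, showing how an event code of 32 or higher can be confused with a lower event in a 32-bit mask and how the 64-bit mask with the cast before the shift keeps them distinct. The function names are hypothetical, and reducing the shift count mod 32 is an assumption that models one possible outcome of the undefined shift (a CPU that masks the count) without invoking undefined behaviour here.

```c
#include <stdint.h>
#include <stdio.h>

/* Event codes quoted in the ticket. */
#define EVENT_TRANSPORT_LAUNCHED 0x0020
#define EVENT_HS_DESC            0x0021
#define EVENT_MAX_               0x0021

/* Model of the pre-patch check on a uint32_t mask. The real expression
 * (1<<event) is undefined for event >= 32; as an assumption, the count is
 * reduced mod 32 here so the aliasing can be shown in well-defined code. */
static int interested_32(uint32_t mask, unsigned event)
{
  return (mask & (UINT32_C(1) << (event % 32))) != 0;
}

/* Check as the ticket describes the patch: 64-bit mask, cast to uint64_t
 * before the left shift. Valid for event codes 0..63. */
static int interested_64(uint64_t mask, unsigned event)
{
  return (mask & (((uint64_t)1) << event)) != 0;
}

/* Lowest event code that does not fit in a mask of `bits` bits,
 * or 0 if every code up to EVENT_MAX_ fits. */
static unsigned first_unrepresentable(unsigned bits)
{
  return (EVENT_MAX_ >= bits) ? bits : 0;
}

int main(void)
{
  /* Constructed sample: a controller subscribed to event 0x01 only. */
  uint32_t m32 = UINT32_C(1) << 1;
  uint64_t m64 = ((uint64_t)1) << 1;

  printf("32-bit mask, HS_DESC delivered: %d\n",
         interested_32(m32, EVENT_HS_DESC));
  printf("64-bit mask, HS_DESC delivered: %d\n",
         interested_64(m64, EVENT_HS_DESC));
  printf("first code not representable in 32 bits: 0x%04x\n",
         first_unrepresentable(32));
  printf("first code not representable in 64 bits: 0x%04x\n",
         first_unrepresentable(64));
  return 0;
}
```
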