[tor-bugs] #2331 [Tor Relay]: Possible integer overflows in base32_encode, base32_decode

[Tor Bug Tracker & Wiki]

#2331: Possible integer overflows in base32_encode, base32_decode
-----------------------+----------------------------------------------------
 Reporter:  rransom    |       Owner:                    
     Type:  defect     |      Status:  needs_review      
 Priority:  normal     |   Milestone:  Tor: 0.2.2.x-final
Component:  Tor Relay  |     Version:                    
 Keywords:  easy       |      Parent:                    
-----------------------+----------------------------------------------------

Comment(by cypherpunks):

 {{{
 fix a signed-unsigned
 comparison there too.
 }}}
 Hm?

 base32_decode():
 {{{
 unsigned int i, bit;
 }}}
 {{{
 for (i = 0, bit = 0; bit < nbits; ++i, bit += 8) {
 }}}
 sizeof(bit) vs. sizeof(nbits), still there.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2331#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online