[tor-bugs] #4413 [Tor Relay]: Non-triggerable integer overflow in crypto_random_hostname()

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Nov 7 15:49:04 UTC 2011


#4413: Non-triggerable integer overflow in crypto_random_hostname()
-----------------------+----------------------------------------------------
 Reporter:  asn        |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  minor      |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:  easy       |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------
Changes (by nickm):

  * keywords:  => easy
  * priority:  normal => minor


Comment:

 I agree that it is worth fixing for cleanness's sake.

 In practice, though, it will never actually trigger, since the point of
 this function is to generate a random hostname component.  Hostnames
 aren't supposed to have any pieces longer than 63 characters.  So an
 acceptable fix would be to do "if (randlen > 63) randlen = 63;", replacing
 63 with an appropriate macro.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4413#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list