[tor-bugs] #4434 [Tor Client]: Buffer bounds check bug in tor_addr_to_str

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Nov 9 02:54:52 UTC 2011


#4434: Buffer bounds check bug in tor_addr_to_str
------------------------+---------------------------------------------------
 Reporter:  4ZM         |          Owner:              
     Type:  defect      |         Status:  needs_review
 Priority:  normal      |      Milestone:              
Component:  Tor Client  |        Version:              
 Keywords:              |         Parent:              
   Points:              |   Actualpoints:              
------------------------+---------------------------------------------------

Comment(by nickm):

 Looks good!  I can cherry-pick this commit if you want, or wait for a
 cleaned-up branch that doesn't also have #4433 and #4432 on it.

 Small stuff to fix or not, your choice:

 The failing test_eq checks should probably be doing a test_ptr_eq test for
 NULL; test_eq is (conceptually) supposed to be for numeric types.

 From a black-box testing perspective, I note that in all the cases that
 test for a "too short buf", the buffer length is smaller than the smallest
 possible value of that type.  Does it also work correctly in the case
 where (for example) we want to put the address 255.255.255.255 into a
 10-byte buffer?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4434#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list