[tor-bugs] #10363 [Tor]: Avoid additional pointer overflow in channeltls.c:channel_tls_process_certs_cells
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 11 19:31:10 UTC 2013
#10363: Avoid additional pointer overflow in
channeltls.c:channel_tls_process_certs_cells
-------------------------------------------------+-------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor:
Component: Tor | 0.2.5.x-final
Keywords: 024-backport 023-backport tor-relay | Version:
Parent ID: | Actual Points:
| Points:
-------------------------------------------------+-------------------------
See #101313 for general discription.
On IRC, bobnomnom notes a similar issue with
channel_tls_process_certs_cells. In this case, the compiler can't easily
optimize the pointer comparison away, so we don't need to worry about
that, but technically speaking we might be constructing a pointer that
wraps around ((void*)-1), which would give incorrect results.
And undefined behavior is very bad. So let's just fix this. Let's hunt
for other places it occurs too.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10363>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list