[tor-bugs] #10313 [Tor]: or/channeltls.c Pointer Overflow Leads To Undefined Behavior, No Error Handling
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 11 21:54:23 UTC 2013
#10313: or/channeltls.c Pointer Overflow Leads To Undefined Behavior, No Error
Handling
-------------------------+-------------------------------------------------
Reporter: | Owner:
jaredlwong | Status: new
Type: defect | Milestone: Tor: 0.2.4.x-final
Priority: normal | Version: Tor: unspecified
Component: Tor | Keywords: pointer overflow undefined behavior
Resolution: | 024-backport
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by asn):
It's a case of ''review branch only after it's merged'' again (although
it also applies to the 0.2.4 branch), but I wonder if there is any point
in adding a comment that describes what we used to check:
{{{
+ /* We used to check:
+ * if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
+ *
+ * This is actually never going to happen, since my_addr_len is at most
255,
+ * and CELL_PAYLOAD_LEN - 6 is 503. So we know that cp is < end. */
}}}
It seems to me that this is more suitable for a git commit message than a
code comment.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10313#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list