[tor-bugs] #8845 [- Select a component]: Buffer overflow in test_crypto_aes_iv

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 8 11:39:11 UTC 2013 

#8845: Buffer overflow in test_crypto_aes_iv
----------------------------------+-----------------------------------------
 Reporter:  eugenis               |          Owner:                     
     Type:  defect                |         Status:  new                
 Priority:  minor                 |      Milestone:                     
Component:  - Select a component  |        Version:  Tor: 0.2.4.12-alpha
 Keywords:                        |         Parent:                     
   Points:                        |   Actualpoints:                     
----------------------------------+-----------------------------------------
 This is a test-only bug that is rather unlikely to affect anything.
 But still a bug.

 src/test/test_crypto.c:733:

 test_memneq(plain, decrypted2, encrypted_size);

 Here, encrypted_size can be larger than 4095 (the size of "plain" buffer).


 ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000031cff at
 pc 0x7fcfb8d1e3e6 bp 0x7fffc71385f0 sp 0x7fffc71385c0
 READ of size 4111 at 0x621000031cff thread T0
     #0 0x7fcfb8d1e3e5 in __interceptor_memcmp /code/llvm/build/../projects
 /compiler-rt/lib/asan/asan_interceptors.cc:282
     #1 0x7fcfb8fb60af in test_crypto_aes_iv  src/test/test_crypto.c:733
     #2 0x7fcfb925ab5c in testcase_run_bare_  src/ext/tinytest.c:89
     #3 0x7fcfb9259e82 in testcase_run_forked_  src/ext/tinytest.c:168
     #4 0x7fcfb92594bd in testcase_run_one  src/ext/tinytest.c:222
     #5 0x7fcfb925d903 in tinytest_main  src/ext/tinytest.c:347
     #6 0x7fcfb8d32b92 in main  src/test/test.c:2118

 0x621000031cff is located 0 bytes to the right of 4095-byte region
 [0x621000030d00,0x621000031cff)
 allocated by thread T0 here:
     #0 0x7fcfb8d21df2 in __interceptor_malloc /code/llvm/build/../projects
 /compiler-rt/lib/asan/asan_malloc_linux.cc:74
     #1 0x7fcfb9ac3109 in tor_malloc_  src/common/util.c:143
     #2 0x7fcfb8fb1ec2 in test_crypto_aes_iv  src/test/test_crypto.c:690
     #3 0x7fcfb925ab5c in testcase_run_bare_  src/ext/tinytest.c:89
     #4 0x7fcfb9259e82 in testcase_run_forked_  src/ext/tinytest.c:168
     #5 0x7fcfb92594bd in testcase_run_one  src/ext/tinytest.c:222
     #6 0x7fcfb925d903 in tinytest_main  src/ext/tinytest.c:347
     #7 0x7fcfb8d32b92 in main  src/test/test.c:2118

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8845>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list