[tor-bugs] #17852 [Tor]: Tor Daemon hardening
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 15 16:51:24 UTC 2015
#17852: Tor Daemon hardening
----------------------+------------------------------------
Reporter: jsturgix | Owner:
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.7
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+------------------------------------
Changes (by nickm):
* status: needs_review => needs_revision
Comment:
86a5305d46175c5d0c67564d3ee4e86a27f0c460:
* strlcat only works here if UNICODE is not defined. Otherwise this
breaks UNICODE builds, I think.
191b8d8b7885609006062da7d7ef8bef7a4161a8:
* realpath replaces .. and . and resolves symlinks. Will this new
behavior hurt anything?
* The return value from realpath() is allocated with malloc(). This
means that if tor_malloc is *not* just based on malloc, we will later fail
when we tor_free on the pointer.
* ... ah, never mind, you reverted it. :)
28241bd4b47bdf4616a237f1bf28c9d65c9373af:
* This seems to break the semantics for CPD_CHECK; see the documentation
at the head of the function.
Otherwise this stuff looks fine!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17852#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list