[tor-bugs] #16582 [Tor]: Distinguish ENOENT from other error cases when loading keys.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 14 18:50:54 UTC 2015


#16582: Distinguish ENOENT from other error cases when loading keys.
--------------------------+--------------------------------
     Reporter:  nickm     |      Owner:
         Type:  defect    |     Status:  needs_review
     Priority:  critical  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor       |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:  #16530
       Points:            |
--------------------------+--------------------------------

Comment (by teor):

 I think we want errno to always be set on error, because this is what
 `ed_key_init_from_file` assumes in
 5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7.

 To make this happen in b566cb9e84b095289a1c662e953218c9a7d1f77d:

 In `read_file_to_str`, this code should probably set `errno = EINVAL`:
 {{{
   if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) {
     close(fd);
     return NULL;
   }
 }}}

 To match these changes in `crypto_read_tagged_contents_from_file`:
 {{{
 if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
   saved_errno = EINVAL;
   goto end;
 }
 }}}

 Similarly, in `read_all`, the following code should probably set `errno =
 EINVAL`:
 {{{
   if (count > SIZE_T_CEILING || count > SSIZE_MAX)
     return -1;
 }}}

 And in `read_file_to_str_until_eof`:
 {{{
   if (max_bytes_to_read+1 >= SIZE_T_CEILING)
     return NULL;
 }}}

 To make this happen in 0a6997d78bdbf485f42acfa95558a91db3381d70:

 In `read_encrypted_secret_key`, the following code should probably set
 `errno = EINVAL`:
 {{{
   if (strcmp(tag, ENC_KEY_TAG))
     goto done;
 }}}
 {{{
     if (pwlen < 0)
       goto done;
 }}}

 In `ed25519_seckey_read_from_file`, the following code should probably set
 `errno = EINVAL`:
 {{{
   if (len != sizeof(seckey_out->seckey))
     return -1;
 }}}

 Similarly, in `ed25519_pubkey_read_from_file`:
 {{{
   if (len != sizeof(pubkey_out->pubkey))
     return -1;
 }}}

 In 5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7:

 Do we want to implement `INIT_ED_KEY_NO_REPAIR` for the certificate file,
 or is replacing it on any error ok?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16582#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
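
Added example, not part of the ticket comment or of Tor's source: the pattern the comment asks for, in which every failure path of a key reader leaves errno set, so the caller can tell a missing file (ENOENT) from a malformed or unreadable one. The names read_fixed_key, decide and write_sample, the 32-byte KEY_LEN and the sample file name are assumptions made for this illustration.

```c
/* Added illustration; every name here is hypothetical, not a Tor function. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define KEY_LEN 32
enum key_action { KEY_LOADED, KEY_CREATE_NEW, KEY_REFUSE };

/* Read exactly KEY_LEN bytes. Every failure path leaves errno set:
 * open() and read() set it themselves, the length check sets EINVAL. */
static int read_fixed_key(const char *path, unsigned char out[KEY_LEN]) {
  unsigned char buf[KEY_LEN + 1];   /* one spare byte detects oversize */
  int fd = open(path, O_RDONLY);
  if (fd < 0) return -1;            /* errno from open(), e.g. ENOENT */
  ssize_t n = read(fd, buf, sizeof(buf));
  int saved_errno = errno;          /* close() may overwrite errno */
  close(fd);
  if (n != KEY_LEN) {               /* read error, truncated or oversized */
    errno = (n < 0) ? saved_errno : EINVAL;
    return -1;
  }
  memcpy(out, buf, KEY_LEN);
  return 0;
}

/* Only a missing file justifies creating a key; any other failure means
 * something is on disk that must not be silently replaced. */
static enum key_action decide(const char *path, unsigned char out[KEY_LEN]) {
  if (read_fixed_key(path, out) == 0)
    return KEY_LOADED;
  return errno == ENOENT ? KEY_CREATE_NEW : KEY_REFUSE;
}

/* Write n filler bytes to path (constructed sample input). */
static int write_sample(const char *path, size_t n) {
  FILE *f = fopen(path, "wb");
  if (!f) return -1;
  for (size_t i = 0; i < n; i++) fputc(0x41, f);
  return fclose(f);
}

int main(void) {
  unsigned char key[KEY_LEN];
  write_sample("sample_key.tmp", 10);   /* wrong length: KEY_REFUSE */
  printf("action=%d\n", decide("sample_key.tmp", key));
  return unlink("sample_key.tmp");
}
```

If the length check returned -1 without assigning errno, decide would act on whatever value an earlier call left behind, and a stale ENOENT would make a truncated key file look like a missing one.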

