[tor-bugs] #15205 [Tor]: There's something fishy in OSX's checked strlcat.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 9 18:46:55 UTC 2015
#15205: There's something fishy in OSX's checked strlcat.
--------------------+------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+------------------------------------
Have a look at
https://opensource.apple.com/source/Libc/Libc-1044.1.2/secure/strlcat_chk.c
.
When it checks to see whether the destination buffer overlaps with the
input buffer in the second case, it isn't checking whether the input
overlaps with the actual buffer that *will* be written; it's checking
whether the input overlaps with the destination buffer, ''plus the extra
space after the end of the destination buffer that would be written if
there were enough room for the whole input.''
I believe the second overlap check should be something more like:
{{{
__chk_overlap(dest, len, src, len - initial_dstlen - 1);
}}}
To do:
* Check whether any of the BSDs have this problem.
* Check whether older OSXs have this problem.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15205>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list