[tor-bugs] #15436 [Tor]: Unaligned access in SipHash24 code

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 22 15:52:06 UTC 2015


#15436: Unaligned access in SipHash24 code
---------------------+------------------------------------
 Reporter:  pstumpf  |          Owner:
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:  Tor: 0.2.6.x-final
Component:  Tor      |        Version:  Tor: 0.2.5.11
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
---------------------+------------------------------------
 Tor segfaults on OpenBSD/sparc64 on startup.  GDB backtrace:



 #0  siphash24 (src=0xfffffffffffcdc34, src_sz=20, key=Variable "key" is not available.
 )
     at src/ext/csiphash.c:118
 118                     memcpy(&mi, in, 8);
 (gdb) bt
 #0  siphash24 (src=0xfffffffffffcdc34, src_sz=20, key=Variable "key" is not available.
 )
     at src/ext/csiphash.c:118
 #1  0x00000026f1b853c8 in node_get_mutable_by_id (identity_digest=Variable "identity_digest" is not available.
 )


 As you can easily see, node_get_mutable_by_id passes an unaligned pointer
 to siphash24, which memcpy then tries to copy from.  This is a (struct
 node_t)->identity, so maybe that struct should have alignment padding?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15436>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
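
Added example, not part of the original ticket or of Tor's source: a C sketch of why the reported src (ending in 0x34, so 4-byte but not 8-byte aligned) is a problem for 8-byte loads on strict-alignment CPUs such as sparc64, and a byte-wise load that works at any alignment. struct demo_node, is_aligned, load_le64 and fold_digest are hypothetical names, and fold_digest is a stand-in word loop over a 20-byte input, not SipHash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DIGEST_LEN 20

/* Hypothetical struct with an embedded 20-byte digest; not Tor's node_t. */
struct demo_node {
    uint64_t idx;               /* gives the struct 8-byte alignment */
    uint32_t flags;
    char identity[DIGEST_LEN];  /* offset 12, i.e. 4 mod 8 */
};

/* Nonzero if p is a multiple of align. */
static int is_aligned(const void *p, size_t align) {
    return ((uintptr_t)p % align) == 0;
}

/* Little-endian 64-bit load built from byte reads only, so the compiler
 * has no basis to assume 8-byte alignment of src. */
static uint64_t load_le64(const void *src) {
    const unsigned char *b = src;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b[i];
    return v;
}

/* Stand-in for a block hash loop: XOR all full 8-byte words, then the
 * remaining tail bytes (20 bytes = 2 words + 4 tail bytes). */
static uint64_t fold_digest(const void *src, size_t len) {
    const unsigned char *p = src;
    uint64_t acc = 0;
    for (; len >= 8; p += 8, len -= 8)
        acc ^= load_le64(p);
    for (size_t i = 0; i < len; i++)
        acc ^= (uint64_t)p[i] << (8 * i);
    return acc;
}

int main(void) {
    static _Alignas(8) struct demo_node n;  /* constructed sample data */
    for (int i = 0; i < DIGEST_LEN; i++)
        n.identity[i] = (char)(i + 1);
    printf("identity offset %zu, 8-byte aligned: %d\n",
           offsetof(struct demo_node, identity), is_aligned(n.identity, 8));
    printf("fold = 0x%016llx\n",
           (unsigned long long)fold_digest(n.identity, DIGEST_LEN));
    return 0;
}
```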

