[tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 4 20:57:12 UTC 2015


#16980: Implicit time range assumption breaks Tor in Shadow
------------------------+------------------------------------
 Reporter:  robgjansen  |          Owner:
     Type:  defect      |         Status:  new
 Priority:  normal      |      Milestone:
Component:  Tor         |        Version:  Tor: 0.2.7.2-alpha
 Keywords:              |  Actual Points:
Parent ID:              |         Points:
------------------------+------------------------------------
 There is an assumption in `src/common/tortls.c:582` in
 `tor_tls_create_certificate`:

 {{{
   time_t now = time(NULL);
   start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;
 }}}

 The assumption is that `now` is greater than `cert_lifetime`, which does
 not hold in Shadow because Shadow timestamps start from 0. This causes a
 negative value to get sent into `crypto_rand_time_range`, which later gets
 passed as an unsigned int, which then fails a bounds assertion because of
 an underflow.

 This problem also exists in 2 other callers of `crypto_rand_time_range`:
   + `add_an_entry_guard`
   + `entry_guards_parse_state`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16980>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
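
The failure mode reported in this ticket, reproduced as an added example (not Tor's code and not the fix applied upstream): it shows how `now - lifetime` turns into a huge unsigned value when the clock starts near 0, beside a clamped and validated alternative. All function names, the 30-day lifetime and the clock value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: the unchecked lower bound of [now - lifetime, now]
 * as it looks once it is handled as an unsigned value. A small negative
 * result wraps around to a value near 2^64. */
static uint64_t unchecked_start_as_unsigned(int64_t now, int64_t lifetime)
{
    return (uint64_t)(now - lifetime);
}

/* Hypothetical helper: the same lower bound, clamped at 0 so that a clock
 * that starts near zero (as in a simulator) cannot produce a negative time.
 * Returns -1 for nonsensical input. */
static int64_t clamped_window_start(int64_t now, int64_t lifetime)
{
    if (now < 0 || lifetime < 0)
        return -1;
    return (now > lifetime) ? now - lifetime : 0;
}

/* Pick a value in [min, max), returning an error instead of asserting.
 * rand() is used only to keep the demo self-contained; it is not a CSPRNG. */
static int pick_in_range(int64_t min, int64_t max, int64_t *out)
{
    if (min < 0 || max <= min)
        return -1;          /* also covers the empty range when now == 0 */
    *out = min + (int64_t)((uint64_t)rand() % (uint64_t)(max - min));
    return 0;
}

int main(void)
{
    int64_t now = 100;                  /* constructed: simulated clock near 0 */
    int64_t lifetime = 30 * 24 * 3600;  /* constructed: 30-day lifetime */
    int64_t start;

    printf("unchecked lower bound as unsigned: %llu\n",
           (unsigned long long)unchecked_start_as_unsigned(now, lifetime));

    if (pick_in_range(clamped_window_start(now, lifetime), now, &start) == 0)
        printf("clamped start time: %lld\n", (long long)start);
    else
        printf("range rejected\n");
    return 0;
}
```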

