[tor-bugs] #19947 [Core Tor/Tor]: NULL %s in fmt string (dir_server_new() - routerlist.c)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 20 08:32:06 UTC 2016
#19947: NULL %s in fmt string (dir_server_new() - routerlist.c)
---------------------------------------+-----------------------------------
Reporter: rubiate | Owner:
Type: defect | Status: merge_ready
Priority: Medium | Milestone: Tor:
| 0.2.8.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.8.1-alpha
Severity: Normal | Resolution:
Keywords: regression?, 028-backport | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
---------------------------------------+-----------------------------------
Changes (by teor):
* keywords: => regression?, 028-backport
* status: new => merge_ready
* points: => 0.5
* version: => Tor: 0.2.8.1-alpha
* milestone: => Tor: 0.2.8.x-final
Comment:
Thanks for reporting this. I'm surprised we didn't catch it earlier in our
unit tests.
It looks like we introduced this bug back in tor-0.2.4.7-alpha, but it
only affected people who uses the FallbackDir option. When we added hard-
coded fallback directories in 0.2.8.1-alpha, that triggered this bug on
the default config.
I think this patch fixed the issue.
We'll need a short changes file.
I wonder if we should put it in 0.2.8.7, because passing NULL like this is
a bug. It's definitely undefined behaviour, so it has potential security
implications. Printing the contents of NULL to your log is bad, and could
corrupt memory or cause crashes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19947#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list