[tor-bugs] #18276 [Tor]: directory_send_command doesn't check string operation return values
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 8 05:36:15 UTC 2016
#18276: directory_send_command doesn't check string operation return values
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Low | Milestone: Tor: 0.2.9.x-final
Component: Tor | Version:
Severity: Minor | Keywords: easy
Actual Points: | Parent ID:
Points: low | Sponsor:
------------------------+--------------------------------
When reviewing directory_send_command() in #18051, I noticed:
We are not checking the return values of tor_snprintf and strlcpy, I
wonder if we should do that.
I wonder if the buffers are large enough:
* the maximum length of a DNS name is 254 characters, but the buffers are
128 characters
* the maximum length of an IPv6 address is 48 characters (see
TOR_ADDR_BUF_LEN)
* the maximum length of an IPv4 address is 15 characters
* the `:port` adds another 6 characters
* the `http://` adds another 7 characters
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18276>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list