[tor-bugs] #17443 [Tor]: tor-gencert --passphrase-fd improperly checks for newline
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 12 10:00:25 UTC 2016
#17443: tor-gencert --passphrase-fd improperly checks for newline
------------------------+------------------------------------
Reporter: junglefowl | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.7.4-rc
Severity: Normal | Resolution:
Keywords: crash | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------+------------------------------------
Comment (by cypherpunks):
Replying to [comment:5 nickm]:
> I've done a slightly different fix as branch bug17443 in my public
repository at https://gitweb.torproject.org/nickm/tor.git/ . Please
review?
>
IMO it would be better, with regards to readability, if the passphrase
length was explicitly set to zero if no newline was found and do the
pointer subtraction otherwise. Furthermore, `buf` is still uninitialized.
Please initialize it to prevent future problems.
A minor nitpick is the typo in the commit message (//Hnadle// instead of
//Handle//).
What about the argument against limiting the passphrase as made in
[comment:2 comment 2] or is that for another ticket?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17443#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list