[tor-bugs] #14013 [Core Tor/Tor]: base16_decode() API is inconsistent and error-prone

Sun Jun 5 14:26:17 UTC 2016

#14013: base16_decode() API is inconsistent and error-prone
-----------------------------------+------------------------------------
 Reporter:  nickm                  |          Owner:  nikkolasg
     Type:  defect                 |         Status:  needs_revision
 Priority:  High                   |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor           |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  lorax, review-group-2  |  Actual Points:
Parent ID:                         |         Points:  1
 Reviewer:  dgoulet                |        Sponsor:  SponsorS-can
-----------------------------------+------------------------------------

Comment (by nikkolasg):

 Hi, finally found the time to finalize it. Here's some comments:

 * In routerset.c:107, a call to base16_decode is un-checked; while it may
 not be important, I prefer still to announce it so it may be looked over
 by a Tor dev at some point later ...

 * In control.c:1214, there's inconsistency between the size of the buffer
 and the return value. The size of the dest buffer is 64 but
 `base16_decode` returns `S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN`. In fact
 even the comments of the function say the hashed passwords should be of
 length `S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN`. It would be a good
 practice to unify both values. I did not do it here as it does not make
 much sense here I think.

 * I allowed myself to change some other files to make the `make check-
 spaces` happy, I hope it's ok ;)

 Otherwise the rest is ok :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14013#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online