[tor-bugs] #18479 [Tor]: Avoid overflow in tor_timegm when time_t is 32 bit

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 23 19:37:20 UTC 2016


#18479: Avoid overflow in tor_timegm when time_t is 32 bit
---------------------------------------------------------------------------
     Reporter:  teor
        Owner:  asn
         Type:  defect
       Status:  assigned
     Priority:  Medium
    Milestone:  Tor: 0.2.8.x-final
    Component:  Tor
      Version:  Tor: unspecified
     Severity:  Normal
   Resolution:
     Keywords:  integer-overflow security-maybe must-fix-before-028-rc
    Parent ID:
     Reviewer:
Actual Points:
       Points:
      Sponsor:
---------------------------------------------------------------------------

Comment (by teor):

 Thanks for taking this over, dgoulet.

 Replying to [comment:2 nickm]:
 > NM.1. I'm not sure how I feel about this line:
 > {{{
 > +  tor_assert(seconds >= TIME_MIN);
 > }}}
 >
 > Are we sure that nobody can ever give tor_timegm() a big negative
 > tm_year, causing it to crash Tor?

 We clip the year to a minimum of 1970 / 0, and the other fields are
 clipped to 0 or 1, so we can only get positive values.

 But I'm happy to include this check in the out of bounds condition rather
 than asserting on it.

 > NM.2. I think it would make more sense to make sure that `*time_out` is
 > always set to _something_, in case some foolish programmer ignores the
 > return value?

 I agree. 0 is as good as any other value.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18479#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
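
The two review points above (report an out-of-range result as an error rather than asserting on it, and always write `*time_out`), shown as an added example that is not Tor's code. `checked_timegm32`, `time32_t` and the `TIME32_*` limits are hypothetical names, with `int32_t` standing in for a 32-bit `time_t` so the overflow path can be exercised on any host.

```c
#include <stdint.h>
#include <time.h>

/* Hypothetical stand-in for a 32-bit time_t, so the overflow case can be
 * exercised on a 64-bit host as well. */
typedef int32_t time32_t;
#define TIME32_MIN INT32_MIN
#define TIME32_MAX INT32_MAX

static int is_leap(int64_t y) {
  return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Convert a broken-down UTC time to seconds since the epoch.
 * Returns 0 on success, -1 on bad input or an out-of-range result.
 * *time_out is always written, so a caller that ignores the return
 * value never reads an uninitialized value. */
int checked_timegm32(const struct tm *tm, time32_t *time_out) {
  static const int mdays[12] = {31,28,31,30,31,30,31,31,30,31,30,31};
  int64_t year, days, seconds;
  int i;

  *time_out = 0;                       /* defined value on every path */
  year = (int64_t)tm->tm_year + 1900;  /* widen before adding */
  if (year < 1970 || tm->tm_mon < 0 || tm->tm_mon > 11 ||
      tm->tm_mday < 1 || tm->tm_mday > 31 ||
      tm->tm_hour < 0 || tm->tm_hour > 23 ||
      tm->tm_min < 0 || tm->tm_min > 59 ||
      tm->tm_sec < 0 || tm->tm_sec > 60)
    return -1;                         /* coarse range check: reject, do not assert */

  /* Days from 1970-01-01 to the start of `year`, in closed form so a
   * huge tm_year costs no loop iterations. All math is 64-bit. */
  days = 365 * (year - 1970) + (year - 1969) / 4
       - (year - 1901) / 100 + (year - 1601) / 400;
  for (i = 0; i < tm->tm_mon; ++i)
    days += mdays[i];
  if (tm->tm_mon > 1 && is_leap(year))
    days += 1;
  days += tm->tm_mday - 1;

  seconds = ((days * 24 + tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;
  if (seconds < TIME32_MIN || seconds > TIME32_MAX)
    return -1;                         /* would not fit in a 32-bit time_t */
  *time_out = (time32_t)seconds;
  return 0;
}
```
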

