[tor-bugs] #21439 [Core Tor/Tor]: Add a configure option to disable safety features that make fuzzing harder

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 11 16:20:07 UTC 2017


#21439: Add a configure option to disable safety features that make fuzzing harder
------------------------------+--------------------------------
     Reporter:  nickm         |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.1.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 We've got quite a few places in our code where we use redundant safety
 features to prevent bugs from turning into really serious bugs.  But many
 of those safety features interfere with fuzzing, by covering up any
 underlying bugs that fuzzing would otherwise detect.

 For example, I'm thinking of:
     * The 4-byte sentinel word at the end of each buffer chunk
     * Various places in our code where we NUL-terminate stuff that doesn't
 actually (we hope!) need to be NUL-terminated.
     * The entire "memarea" fragmentation-resistant allocation strategy.
     * Probably some other stuff too

 But in addition to hardening our code a little, these features all make
 some classes of memory bug less likely to get noticed by the sanitizers.

 Now, you might argue that there's no need to have a way to fuzz without
 those safety features, if they actually do provide safety.  But on the
 other hand, they're meant to provide ''redundant'' safety, and if they are
 ever actually needed, that's a bug in our code that we ought to fix.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21439>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
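An added illustration of the sentinel point above (not Tor's code; the chunk layout, the sentinel value and the DISABLE_CHUNK_SENTINEL switch are assumptions): a toy buffer chunk whose trailing 4-byte sentinel is a compile-time option, with a check showing why a one-byte overrun is caught by the redundant check in a normal build but never reaches the sanitizer, and why a fuzzing build would drop it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical configure-time switch (not a real Tor option): build with
 * -DDISABLE_CHUNK_SENTINEL to drop the redundant sentinel for fuzzing. */
#ifdef DISABLE_CHUNK_SENTINEL
#define CHUNK_SENTINEL_LEN 0
#else
#define CHUNK_SENTINEL_LEN 4
#endif
/* Constructed sentinel pattern; any fixed 4-byte value would do. */
static const uint8_t SENTINEL[4] = { 0xde, 0xad, 0xbe, 0xef };

typedef struct chunk_t {
  size_t datalen;  /* payload bytes the caller may legitimately use */
  uint8_t *mem;    /* datalen + CHUNK_SENTINEL_LEN bytes from malloc */
} chunk_t;

chunk_t *chunk_new(size_t datalen) {
  chunk_t *c = malloc(sizeof *c);
  if (!c) return NULL;
  c->mem = malloc(datalen + CHUNK_SENTINEL_LEN);
  if (!c->mem) { free(c); return NULL; }
  c->datalen = datalen;
  memset(c->mem, 0, datalen);
  memcpy(c->mem + datalen, SENTINEL, CHUNK_SENTINEL_LEN); /* no-op if 0 */
  return c;
}

/* 1 if the sentinel is intact (always 1 in a no-sentinel build), else 0. */
int chunk_sentinel_ok(const chunk_t *c) {
  return memcmp(c->mem + c->datalen, SENTINEL, CHUNK_SENTINEL_LEN) == 0;
}

void chunk_free(chunk_t *c) { if (c) { free(c->mem); free(c); } }

/* Off-by-one write at mem[datalen]. With the sentinel it lands inside the
 * malloc'd block, so ASan stays silent and only this check notices (returns
 * 1). Without the sentinel the same write would be a real heap overflow that
 * ASan reports, so it is not performed here and 0 means "nothing masked it". */
int off_by_one_masked(void) {
  chunk_t *c = chunk_new(8);
  int masked = 0;
  if (c && CHUNK_SENTINEL_LEN) {
    c->mem[c->datalen] = 0x00;
    masked = !chunk_sentinel_ok(c);
  }
  chunk_free(c);
  return masked;
}
```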

