[tor-bugs] #21439 [Core Tor/Tor]: Add a configure option to disable safety features that make fuzzing harder
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 11 16:20:07 UTC 2017
#21439: Add a configure option to disable safety features that make fuzzing harder
------------------------------+--------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
We've got quite a few places in our code where we use redundant safety
features to prevent bugs from turning into really serious bugs. But many
of those safety features interfere with fuzzing, by covering up any
underlying bugs that fuzzing would otherwise detect.
For example, I'm thinking of:
* The 4-byte sentinel word at the end of each buffer chunk
* Various places in our code where we NUL-terminate stuff that doesn't
actually (we hope!) need to be NUL-terminated.
* The entire "memarea" fragmentation-resistant allocation strategy.
* Probably some other stuff too
But in addition to hardening our code a little, these features all make
some classes of memory bug less likely to get noticed by the sanitizers.
Now, you might argue that there's no need to have a way to fuzz without
those safety features, if they actually do provide safety. But on the
other hand, they're meant to provide ''redundant'' safety, and if they are
ever actually needed, that's a bug in our code that we ought to fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21439>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
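The sentinel-word case from the ticket, as an added illustration in C (this is not Tor's buffer code, and the build macro `DISABLE_MEMORY_SENTINELS` is a hypothetical name for the configure option the ticket asks for): a buffer chunk carries a redundant 4-byte sentinel after its payload, and an off-by-one NUL write from a string helper lands in the sentinel instead of outside the allocation. In the default build AddressSanitizer sees an in-bounds write and stays silent; only a later sentinel check notices. Compiled with `-DDISABLE_MEMORY_SENTINELS`, the sentinel is gone and the same write is a real heap overflow that ASan reports immediately, which is exactly what a fuzzing build wants.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical configure switch: -DDISABLE_MEMORY_SENTINELS removes the
 * redundant safety bytes so that sanitizers see the underlying bug. */
#ifdef DISABLE_MEMORY_SENTINELS
#define SENTINEL_LEN 0
#else
#define SENTINEL_LEN 4
#endif

/* Constructed pattern; any fixed value that a stray write is unlikely to
 * reproduce will do. */
static const uint8_t SENTINEL_PATTERN[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Constructed chunk layout: header, then `capacity` payload bytes, then
 * SENTINEL_LEN sentinel bytes (none in the fuzzing build). */
typedef struct chunk_t {
  size_t capacity;   /* payload bytes the caller may legitimately use */
  size_t datalen;    /* payload bytes currently in use */
  uint8_t mem[];     /* capacity payload bytes + SENTINEL_LEN sentinel bytes */
} chunk_t;

chunk_t *chunk_new(size_t capacity) {
  chunk_t *ch = malloc(sizeof(chunk_t) + capacity + SENTINEL_LEN);
  if (!ch) return NULL;
  ch->capacity = capacity;
  ch->datalen = 0;
  memset(ch->mem, 0, capacity);
  memcpy(ch->mem + capacity, SENTINEL_PATTERN, SENTINEL_LEN);
  return ch;
}

/* 1 if the sentinel is intact, 0 if something wrote past the payload.
 * With sentinels disabled there is nothing to compare, so this reports 1. */
int chunk_sentinel_ok(const chunk_t *ch) {
  return memcmp(ch->mem + ch->capacity, SENTINEL_PATTERN, SENTINEL_LEN) == 0;
}

/* Correct append: refuses data that does not fit. Returns bytes appended. */
size_t chunk_append(chunk_t *ch, const uint8_t *data, size_t len) {
  if (len > ch->capacity - ch->datalen) return 0;
  memcpy(ch->mem + ch->datalen, data, len);
  ch->datalen += len;
  return len;
}

/* The kind of bug the sentinel masks: after the append, the helper
 * NUL-terminates "just in case". When datalen == capacity that NUL is one
 * byte past the payload. In the default build it overwrites the sentinel
 * (in-bounds for the allocation, so ASan is silent); in the
 * DISABLE_MEMORY_SENTINELS build it is a heap-buffer-overflow ASan reports. */
size_t chunk_append_cstr_buggy(chunk_t *ch, const char *s) {
  size_t n = chunk_append(ch, (const uint8_t *)s, strlen(s));
  ch->mem[ch->datalen] = '\0';   /* off by one when the chunk is full */
  return n;
}

/* Returns 1 when the sentinel absorbed and then exposed the stray write,
 * i.e. when the bug is hidden from ASan by the redundant safety feature.
 * Only meaningful in the default (sentinel) build. */
int demo_masked_overflow(void) {
  chunk_t *ch = chunk_new(8);
  int clean_before = chunk_sentinel_ok(ch);
  chunk_append_cstr_buggy(ch, "12345678");  /* fills all 8 bytes, NUL hits mem[8] */
  int clean_after = chunk_sentinel_ok(ch);
  free(ch);
  return clean_before == 1 && clean_after == 0;
}

int main(void) {
  printf("sentinel masked the off-by-one: %s\n",
         demo_masked_overflow() ? "yes" : "no");
  return 0;
}
```

Build the default way and the stray NUL is only visible if some code path happens to run the sentinel check; build with `-fsanitize=address -DDISABLE_MEMORY_SENTINELS` and `demo_masked_overflow()` aborts with an ASan heap-buffer-overflow report, which is the signal a fuzzer needs. That is the ticket's argument in miniature: the sentinel is redundant protection, and if the fuzzing build ever finds it load-bearing, that is a bug to fix in the caller, not a reason to keep the sentinel on while fuzzing.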