[tor-bugs] #21278 [Core Tor/Tor]: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 14 09:06:13 UTC 2017
#21278: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)
--------------------------+------------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 029-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by arma):
Replying to [comment:3 nickm]:
> My branch `bug21278_024_v2` tries to fix this
I pushed a `bug21278_024_v3` branch that has an extra commit to better
document the new function.
That said, I think your commits 2c768c2c0 and 54e2e027 are only for dir
auths, right? So there isn't any point in backporting them earlier than
0.2.9?
Speaking of which, for 4e720ad7 which looks like the main fix here, the
changelog stanza says {{{This bug is harmless, except when Tor has been
build with --enable-expensive-hardening, which would turn it into a
crash.}}} Am I remembering correctly that only recent Tor branches have
put expensive-hardening on by default? That is, the earlier fix for this
TROVE (i.e. disabling ftrapv) only went into 0.2.9.x and 0.3.0.x? Why
backport a fix for a harmless bug so far back? :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21278#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list