[tor-bugs] #21278 [Core Tor/Tor]: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 14 09:17:56 UTC 2017


#21278: Avoid signed integer underflow when comparing versions (Fix TROVE-2017-001)
--------------------------+------------------------------------
 Reporter:  nickm         |          Owner:  nickm
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  029-backport  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 Replying to [comment:3 nickm]:
 > Additionally, I found two more cases where we use the
 > `if ((i = (a-b))) return i;` pattern to implement a comparison function.
 > I believe that they are both safe, but somebody should look them over.
 > The fixes for those are in my `bug21278_024_v2_extra` branch, on top of
 > my `bug21278_024_v2` branch.

 I'm a big fan of what 0a2abb37 is doing (modulo the fixes that teor
 suggests). Since it's more of a belt-and-suspenders thing, is it more
 suited for 0.3.0?

 Whereas 557385874 is dir auth only (I think?), so there's no need for it
 to go earlier than 0.2.9. But you never know when sha1 collisions are
 going to drop, so I think putting it in 0.2.9 is reasonable if you want to
 do that. (On the other hand, once sha1 goes bad, "hey directory
 authorities, either start using the default value of --enable-fragile or
 upgrade to 0.3.0.x" seems like a totally doable statement too.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21278#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
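
The `if ((i = (a-b))) return i;` comparison pattern discussed in the comment above, as an added example that is not part of the ticket or of Tor's code: it shows when the subtraction stops being a valid comparator and gives an overflow-free replacement. All function names are hypothetical, the inputs are constructed, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Models `if ((i = (a-b))) return i;`. On plain ints, a-b is undefined
 * behaviour when it overflows; unsigned arithmetic is used here so the
 * wraparound can be observed without invoking UB. */
static int cmp_by_subtraction(int a, int b)
{
    unsigned int diff = (unsigned int)a - (unsigned int)b; /* wraps mod 2^32 */
    return (int)diff; /* implementation-defined; wraps on two's complement */
}

/* Overflow-free comparator: returns -1, 0 or 1 for any pair of ints. */
static int cmp_safe(int a, int b)
{
    return (a > b) - (a < b);
}

/* Nonzero when a-b is representable as int, i.e. when the subtraction
 * pattern is safe for these particular inputs. */
static int subtraction_fits(int a, int b)
{
    int64_t d = (int64_t)a - (int64_t)b;
    return d >= INT_MIN && d <= INT_MAX;
}

static int sign(int v) { return (v > 0) - (v < 0); }

int main(void)
{
    /* Constructed inputs: one ordinary pair, two at the edges of int. */
    const int pairs[][2] = { {5, 3}, {INT_MAX, -1}, {INT_MIN, 1} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int a = pairs[i][0], b = pairs[i][1];
        printf("a=%d b=%d fits=%d subtraction_sign=%d safe=%d\n",
               a, b, subtraction_fits(a, b),
               sign(cmp_by_subtraction(a, b)), cmp_safe(a, b));
    }
    return 0;
}
```

The subtraction form is only sound when both operands are known to lie in a range whose difference fits in `int`, which is the property a reviewer has to establish for each call site.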

