[tor-bugs] #22789 [Core Tor/Tor]: Tor 0.3.1.4-alpha crash on OpenBSD-current
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 3 14:22:30 UTC 2017
#22789: Tor 0.3.1.4-alpha crash on OpenBSD-current
----------------------------------------------+----------------------------
Reporter: fredzupy | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.1.4-alpha
Severity: Major | Resolution:
Keywords: tor crash inet_pton ???-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+----------------------------
Comment (by nickm):
Good diagnosis! I spent the weekend fuzzing tor_inet_pton(), to no
effect-- because this bug will only affect systems where strtol works the
same way[*] openbsd's strtol does does.
Let's also audit the other ato* and strto* usages in Tor to see if they're
affected by this issue.
[*] To my mind, this comes down to an interpretation of these sentences in
section 7.20.1.4 in the C99 standard:
>3. [...] . If the value of base is 16, the characters 0x or 0X may
optionally precede the sequence of letters and digits, following the sign
if present.
>4. The subject sequence is defined as the longest initial subsequence of
the input string, starting with the first non-white-space character, that
is of the expected form. [...]
I'm not enough of a standards guru to interpret whether openbsd's behavior
here is allowed or not, but it might be a good idea to get a second
opinion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22789#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list