[tor-bugs] #22626 [Core Tor/Tor]: Missing stream NULL check in tor_compress_impl

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 16 22:22:59 UTC 2017


#22626: Missing stream NULL check in tor_compress_impl
---------------------------+------------------------------------
 Reporter:  teor           |          Owner:  ahf
     Type:  defect         |         Status:  assigned
 Priority:  Medium         |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor   |        Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal         |     Resolution:
 Keywords:  memory-safety  |  Actual Points:
Parent ID:  #22502         |         Points:  1
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------

Comment (by teor):

 I wonder if it would be best to tor_assert() on UNKNOWN_METHOD, or BUG(),
 and then return a non-NULL state. An edge case where we don't check state
 correctly before calling could easily turn into a DoS bug.
 {{{
     case UNKNOWN_METHOD:
       goto err;
   }

   atomic_counter_add(&total_compress_allocation,
                      sizeof(tor_compress_state_t));
   return state;

  err:
   tor_free(state);
   return NULL;
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22626#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list