[tor-bugs] #22926 [Core Tor/Tor]: The Tor compression code can call functions that are NULL

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 6 18:26:28 UTC 2018


#22926: The Tor compression code can call functions that are NULL
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  ahf
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by ahf):

 I'm conflicted about this.

 I don't think doing this is a particularly good solution. I added the
 changes to the zlib code in case we move away from Tor's
 `TOR_SEARCH_LIBRARY()` where this issue isn't detected.

 The other option is that we add the `configure` checks that
 `TOR_SEARCH_LIBRARY()` adds to `configure` to ensure that our zstd/lzma
 code works in the same way.

 This is of course still an issue for OpenSSL, Libevent, and other external
 dependencies we may have.

 Would you prefer a `configure` check to this or should we do something
 entirely different?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22926#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list