[tor-bugs] #22926 [Core Tor/Tor]: The Tor compression code can call functions that are NULL

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 13 05:31:15 UTC 2018


#22926: The Tor compression code can call functions that are NULL
-----------------------------+------------------------------------
 Reporter:  teor             |          Owner:  ahf
     Type:  defect           |         Status:  needs_revision
 Priority:  Medium           |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor     |        Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal           |     Resolution:
 Keywords:  review-group-32  |  Actual Points:
Parent ID:                   |         Points:  1
 Reviewer:  mikeperry        |        Sponsor:
-----------------------------+------------------------------------

Comment (by Hello71):

 Replying to [comment:25 teor]:
 > shadow's tor plugin will fail this test, as will many platforms that use
 > tor as a library.

 did you test this? if so, what steps exactly did you use? as far as I can
 tell, shadow-plugin-tor:

 1. does not use weak linking at all
 2. does not actually build the plugin using autotools, so almost any
 "funny business" that the plugin build process could do would not be
 detected by any configure.ac checks anyways.

 however, after extensive research, I have found that apparently on Mac,
 the linker (whose official man page is not even available online!) allows
 you to shoot your whole limb off at the same time using the poorly-
 engineered `-weak_reference_mismatches` and `-weak-l` options. as pointed
 out in the man page, these options are poorly designed because they silently
 alter the behavior of unrelated program code. these options are in fact
 so poorly conceived that Googling for "weak_reference_mismatches" returns
 almost entirely results saying to turn it off.

 however! even if this option is passed, I am still convinced that the
 configure check will be almost entirely ineffective for three reasons.

 1. assuming the library is installed correctly, even if the user has
 enabled the limb-gun option, this configure check will pass just fine, and
 even the build products will function correctly. only if the user
 subsequently *uninstalls* the library, tor will suddenly start crashing.
 (and again, only if you used the limb-gun option.)
 2. if the library provides only a subset of the necessary symbols, tor
 will compile but fail to run. unfortunately, the configure check still
 doesn't help, because it only checks that the version function works
 (which is the only function sorta guaranteed not to ever change, the
 opposite of the requirement here), not that all the functions work.
 3. as far as I know, autotools does not support magically configuring an
 executable to be compiled as a shared library instead. this is why shadow-
 plugin-tor doesn't bother and builds tor with cmake instead. this
 configure check will obviously not work if it is not called.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22926#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
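
Added example, not part of the comment above and not Tor's code: a runtime gate that checks every weakly linked entry point for NULL before a codec is enabled, set beside a version-only probe of the kind the comment calls insufficient. The demo_codec_* names are hypothetical, and the code assumes GCC or Clang on an ELF platform, where an unresolved weak reference links to address 0.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical codec API, constructed for this example (not a real library).
 * Only the version function is defined, modelling a library that provides
 * a subset of the symbols the program needs. */
unsigned demo_codec_version(void) { return 10305; }
__attribute__((weak)) int demo_codec_compress(const void *in, size_t n, void *out);
__attribute__((weak)) int demo_codec_decompress(const void *in, size_t n, void *out);

typedef void (*generic_fn)(void);
struct entry_point { const char *name; generic_fn fn; };

/* Every entry point the program will call, not just the version probe. */
static const struct entry_point required[] = {
    { "demo_codec_version",    (generic_fn)demo_codec_version },
    { "demo_codec_compress",   (generic_fn)demo_codec_compress },
    { "demo_codec_decompress", (generic_fn)demo_codec_decompress },
};
#define N_REQUIRED (sizeof(required) / sizeof(required[0]))

/* What a version-only probe learns: the version call works. */
int version_only_check(void) { return demo_codec_version() > 0; }

/* Number of required entry points that resolved to NULL. */
size_t count_missing(void) {
    size_t missing = 0;
    for (size_t i = 0; i < N_REQUIRED; i++)
        if (required[i].fn == NULL)
            missing++;
    return missing;
}

/* Name of the first unresolved entry point, or NULL if all are present. */
const char *first_missing(void) {
    for (size_t i = 0; i < N_REQUIRED; i++)
        if (required[i].fn == NULL)
            return required[i].name;
    return NULL;
}

/* Gate: enable the codec only when nothing it needs is NULL. */
int codec_usable(void) { return count_missing() == 0; }

int main(void) {
    printf("version-only check passes: %d\n", version_only_check());
    printf("missing entry points: %zu (first: %s)\n", count_missing(),
           first_missing() ? first_missing() : "none");
    printf("codec usable: %d\n", codec_usable());
    return 0;
}
```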