[tor-bugs] #28120 [Core Tor/Tor]: hs_descriptor: CID 1440368: Incorrect expression (SIZEOF_MISMATCH)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 19 11:39:21 UTC 2018
#28120: hs_descriptor: CID 1440368: Incorrect expression (SIZEOF_MISMATCH)
-----------------------------+------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: coverity tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------
Comment (by asn):
Caused by #27549 changes.
The issue is:
{{{
uint8_t *keystream = NULL;
...
memwipe(keystream, 0, sizeof(keystream));
}}}
that is, we use the sizeof the pointer to memwipe, instead of the actual
length of the `keystream` array.
The patch would have been trivial but the issue is that the length of the
keystream array
is hidden inside `build_descriptor_cookie_keys()`. Should we break the
layering and also compute the length out of that function? Or should we
make a new function that wipes the cookie key and is aware of the length?
Or what?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28120#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list