[tor-bugs] #28202 [Core Tor/Tor]: Bad end-of-string check in get_next_token (CID various)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 25 13:03:01 UTC 2018
#28202: Bad end-of-string check in get_next_token (CID various)
-------------------------+-------------------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core | Version:
Tor/Tor | Keywords: 029-backport 033-backport
Severity: Normal | 034-backport
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------+-------------------------------------------------
There's a coverity warning about an overflow in test_parsecommmon. I
think it is happening because of this code:
{{{
*s + 16 >= eol
}}}
That's the wrong way to test for end-of-string, since C says that *s+16 is
undefined behavior if the resulting pointer would be more than 1 off the
end of the allocated byte array.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28202>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list