[tor-bugs] #27316 [Core Tor/Tor]: protover.c accepts arbitrary bytes in protocol names

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 14 02:08:17 UTC 2018


#27316: protover.c accepts arbitrary bytes in protocol names
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:
                                                 |  cyberpunks
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.4-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  protover, 029-backport,              |  Actual Points:
  032-backport, 033-backport, 034-backport       |
Parent ID:                                       |         Points:
 Reviewer:  teor                                 |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:
     protover, 029-backport, 032-backport, 033-backport, 034-backport,
     unicode
     => protover, 029-backport, 032-backport, 033-backport, 034-backport
 * status:  needs_review => needs_revision
 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


Comment:

 > Can this make it to 0.3.5?

 The 0.3.5 feature freeze is today (Friday 14 September).

 But bug fixes are not features, so we review them and backport them to
 previous releases as needed.

 I tried reviewing this branch, but it seems to contain a whole bunch of
 fixes. Most of the fixes have other tickets. Can you provide one branch
 per fix, with no other fixes?

 If there are dependencies, can you say which branches depend on other
 branches, so that I know which branches to review first?

 Also, we try not to use `tor_assert()` for non-fatal bugs, because it
 terminates the process. Instead, we use `tor_assert_nonfatal()`, or
 `if(BUG()) { /* action on failure */ }`.

 This branch doesn't merge cleanly into master, I think because some of the
 fixes have already been merged to master. Can you rebase this branch on
 the latest maint-0.2.9?

 I opened a pull request for this branch on 0.2.9 here:
 https://github.com/torproject/tor/pull/332

 Once the merge conflicts are fixed, we can merge to 0.3.4 to get Appveyor
 CI as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27316#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list