[tor-bugs] #27730 [Core Tor/Tor]: CID 1439330: "st.st_size > 9223372036854775807L" is always false
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 16 23:59:44 UTC 2018
#27730: CID 1439330: "st.st_size > 9223372036854775807L" is always false
------------------------------+--------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: coverity
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
Coverity claims:
{{{
*** CID 1439330: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/lib/crypt_ops/crypto_rsa.c: 554 in
crypto_pk_read_private_key_from_filename()
548 const char *keyfile)
549 {
550 struct stat st;
551 char *buf = read_file_to_str(keyfile, 0, &st);
552 if (!buf)
553 return -1;
CID 1439330: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"st.st_size > 9223372036854775807L" is always false regardless of the
values of its operands. This occurs as the logical operand of "if".
554 if (st.st_size > SSIZE_MAX)
555 return -1;
556
557 int rv = crypto_pk_read_private_key_from_string(env, buf,
558
(ssize_t)st.st_size);
559 memwipe(buf, 0, (size_t)st.st_size);
}}}
But st_size is off_t, and the POSIX standard doesn't require a particular
size for off_t:
{{{
blkcnt_t and off_t shall be signed integer types.
}}}
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html#tag_13_67
In particular, some 32-bit pointer (SSIZE_MAX) operating systems may have
a 64-bit file off_t. (I know that at least one BSD does, and I suspect
that macOS and Linux also do in their 64-bit file size modes.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27730>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list