[tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 28 10:55:00 UTC 2019


#31012: tor-print-ed-signing-cert shows local time, without a timezone
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  rl1987
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:  0.1
Parent ID:                |         Points:  0.1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by teor):

 * status:  needs_review => needs_revision
 * actualpoints:   => 0.1
 * version:   => Tor: 0.3.5.1-alpha
 * milestone:  Tor: unspecified => Tor: 0.4.2.x-final


Comment:

 I left some comments on the PR.

 Please fix this crash:
 {{{
 $  src/tools/tor-print-ed-signing-cert ~/.tor/keys/ed25519_signing_cert
 Expires at: Tue Jul  2 17:00:00 2019

 =================================================================
 ==11166==ERROR: AddressSanitizer: stack-buffer-overflow on address
 0x7ffee8b04630 at pc 0x0001074297de bp 0x7ffee8b04350 sp 0x7ffee8b03ac8
 READ of size 23 at 0x7ffee8b04630 thread T0
     #0 0x1074297dd in printf_common(void*, char const*, __va_list_tag*)
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x267dd)
     #1 0x10742a6bc in wrap_printf
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x276bc)
     #2 0x1070fc689 in main tor-print-ed-signing-cert.c:77
     #3 0x7fff586df014 in start (libdyld.dylib:x86_64+0x1014)

 Address 0x7ffee8b04630 is located in stack of thread T0 at offset 464 in
 frame
     #0 0x1070fc21f in main tor-print-ed-signing-cert.c:17

   This frame has 5 object(s):
     [32, 40) 'cert' (line 18)
     [64, 72) 'got_tag' (line 27)
     [96, 352) 'certbuf' (line 29)
     [416, 424) 'expiration' (line 59)
     [448, 464) 'rfc822_str' (line 63) <== Memory access at offset 464
 overflows this variable
 HINT: this may be a false positive if your program uses some custom stack
 unwind mechanism or swapcontext
       (longjmp and C++ exceptions *are* supported)
 SUMMARY: AddressSanitizer: stack-buffer-overflow
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x267dd) in
 printf_common(void*, char const*, __va_list_tag*)
 Shadow bytes around the buggy address:
   0x1fffdd160870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
   0x1fffdd160890: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
   0x1fffdd1608a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608b0: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2
 =>0x1fffdd1608c0: 00 f2 f2 f2 00 00[f3]f3 00 00 00 00 00 00 00 00
   0x1fffdd1608d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 Shadow byte legend (one shadow byte represents 8 application bytes):
   Addressable:           00
   Partially addressable: 01 02 03 04 05 06 07
   Heap left redzone:       fa
   Freed heap region:       fd
   Stack left redzone:      f1
   Stack mid redzone:       f2
   Stack right redzone:     f3
   Stack after return:      f5
   Stack use after scope:   f8
   Global redzone:          f9
   Global init order:       f6
   Poisoned by user:        f7
   Container overflow:      fc
   Array cookie:            ac
   Intra object redzone:    bb
   ASan internal:           fe
   Left alloca redzone:     ca
   Right alloca redzone:    cb
 ==11166==ABORTING
 Abort trap: 6
 Exit 134
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31012#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list