[tor-bugs] #31682 [Core Tor/Tor]: CID 1453653: Integer handling (NEGATIVE_RETURNS) in build_establish_intro_dos_extension()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 7 09:24:50 UTC 2019
#31682: CID 1453653: Integer handling (NEGATIVE_RETURNS) in
build_establish_intro_dos_extension()
-------------------------------------------------+-------------------------
Reporter: teor | Owner: dgoulet
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, prop305, coverity | Actual Points: 0.1
042-should |
Parent ID: #29999 | Points: 0.1
Reviewer: asn | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Changes (by asn):
* status: needs_review => needs_revision
Comment:
Replying to [comment:3 dgoulet]:
> PR: https://github.com/torproject/tor/pull/1388
> Branch: `ticket31682_042_01`
Hmm, not fully satisfied with the added:
` tor_assert(ret > 0);` in this branch.
I know it's safe, but `trn_cell_extension_dos_encoded_len()` explicitly
returns `-1` in case of a bad object, so I think it's not right to assert
that the retval is gonna be positive. Also this might just cause another
coverity warning in the future.
Perhaps we can turn `build_establish_intro_dos_extension()` into an int-
returning function and do proper error checking on that function?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31682#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list