[tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 18 12:04:41 UTC 2019
#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: new
Priority: Low | Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: easy overflow | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+------------------------------------
Comment (by guigom):
I haven't opened a PR yet but my branch for this ticket is in
[https://github.com/JMGuisadoG/tor/tree/ticket30920]
* Commit adding the u64_nowrap_mul & tests:
[https://github.com/JMGuisadoG/tor/commit/4dd5b593636a9f5944ca2069d1c22c2b4b03d335]
* Commit adding the check for overflow inside mem_parse_units & enabling
tests:
[https://github.com/JMGuisadoG/tor/commit/1ac4b346131fa0f49a5218553cd5d98affb82a76]
Replying to [comment:11 teor]:
> Maybe we should fail on anything larger than SSIZE_T_MAX?
> (SSIZE_T_MAX is half the maximum possible memory size.)
What the reason for checking half the maximum size?.
If that's a go and there's no problem with the code above I can change the
if statement accordingly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list