[tor-commits] [tor/release-0.2.6] Don't use checked strl{cat, cpy} on OSX.

nickm at torproject.org nickm at torproject.org
Mon Mar 9 23:50:27 UTC 2015


commit 24c031b1a28658c921a746f4d58f3ca5e9994108
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Mar 9 15:09:49 2015 -0400

    Don't use checked strl{cat,cpy} on OSX.
    
    There is a bug in the overlap-checking in strlcat that can crash Tor
    servers.  Fixes bug 15205; this is an OSX bug, not a Tor bug.
---
 changes/bug15205    |    5 +++++
 src/common/compat.h |   12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/changes/bug15205 b/changes/bug15205
new file mode 100644
index 0000000..0cb9f3f
--- /dev/null
+++ b/changes/bug15205
@@ -0,0 +1,5 @@
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug
+      in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
+      appeared in OSX 10.9. 
+      
diff --git a/src/common/compat.h b/src/common/compat.h
index ec7d241..531e88f 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
 #define strncasecmp _strnicmp
 #define strcasecmp _stricmp
 #endif
+
+#if defined __APPLE__
+/* On OSX 10.9 and later, the overlap-checking code for strlcat would
+ * appear to have a severe bug that can sometimes cause aborts in Tor.
+ * Instead, use the non-checking variants.  This is sad.
+ *
+ * See https://trac.torproject.org/projects/tor/ticket/15205
+ */
+#undef strlcat
+#undef strlcpy
+#endif
+
 #ifndef HAVE_STRLCAT
 size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
 #endif





More information about the tor-commits mailing list