Opened 4 years ago

Closed 4 years ago

#17658 closed defect (fixed)

Check buffer lengths and HMAC return value in crypto.c

Reported by: teor Owned by:
Priority: High Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I've made sure that buffer lengths are consistently checked, and that the return value of HMAC is checked in crypto.c.

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by teor

Status: newneeds_review

See my branch check-crypto-errors on

comment:2 Changed 4 years ago by nickm

Priority: MediumHigh

comment:3 Changed 4 years ago by nickm

I like 1ece83aa and fe5f43b0 just fine, but the one with all the new asserts looks maybe-wrong to me. The reason that we had to tor_assert(len<INT_MAX) in some cases before was that we were about to cast len to int in order to pass it to an openssl API that was written to accept int rather than size_t.

comment:4 Changed 4 years ago by nickm

Status: needs_reviewneeds_revision

comment:5 Changed 4 years ago by teor

Status: needs_revisionneeds_review

Please see my updated branch check-crypto-errors-v2, it has one commit for the HMAC changes, with an updated changes file and commit message:

Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
in tor version

comment:6 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Great; merged!

Note: See TracTickets for help on using tickets.