Opened 8 months ago

Closed 7 months ago

#21496 closed defect (fixed)

Check string passed to extrainfo_parse_entry_from_string

Reported by: teor
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: clang, scan-build, memory-safety, review-group-17
Cc:
Actual Points: 0
Parent ID:
Points: .1
Reviewer: dgoulet
Sponsor:

Description

scan-build reports the following out of bounds access, because it doesn't know that s is always non-NULL. But we should guard against it being NULL.

extrainfo_parse_entry_from_string:

+  if (BUG(!s))
+    return;
   while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
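
Review bot: the BUG(!s) guard sits directly above the "while (end > s+2 ...)" loop, where end is already in use; if end is derived from s earlier in the function (not visible in this hunk), the NULL check comes too late and should move ahead of the first use of s. The bare "return;" is also only valid if the function returns void; if it returns a pointer to the parsed entry, make it "return NULL;" so callers see a failed parse.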

Change History (10)

comment:1 Changed 8 months ago by dgoulet

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.1.x-final

I think we can fix that in 031.

comment:2 Changed 8 months ago by nickm

Status: new → needs_review

comment:3 Changed 8 months ago by nickm

Actual Points: 0

Branch bug21496 in my public repo tries to implement the above idea. I moved the check earlier, and fixed compilation.

comment:4 Changed 8 months ago by nickm

Points: .1

comment:5 Changed 7 months ago by nickm

Owner: set to nickm
Status: needs_review → accepted

setting owner

comment:6 Changed 7 months ago by nickm

Status: accepted → needs_review

comment:7 Changed 7 months ago by nickm

Keywords: review-group-17 added

comment:8 Changed 7 months ago by nickm

Whoops. The branch is feature21496.

comment:9 Changed 7 months ago by dgoulet

Reviewer: dgoulet
Status: needs_review → merge_ready

lgtm.

comment:10 Changed 7 months ago by nickm

Resolution: fixed
Status: merge_ready → closed

merged!
