Opened 3 years ago

Closed 3 years ago

#21553 closed defect (fixed)

hs: bad use of sizeof() in encode_establish_intro_cell_legacy

Reported by: dgoulet
Owned by:
Priority: Medium
Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 030-backport, tor-hs
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


Found by clang analysis:

  r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len,
                                    cell_body_out, len);

The sizeof() here is wrong because cell_body_out is a pointer. However, we've been saved by the fact that this length is *not* used by the crypto_pk_private_sign_digest() call except for an assert.

This was introduced by a refactoring which went from having the body on the stack to a pointer as a function parameter.
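The failure mode described in this ticket, as an added C example that is not Tor's code and not part of the ticket. The function names, the buffer and signature sizes, and the toy signer are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CELL_BODY_LEN 509  /* constructed buffer size for this example */
#define SIG_LEN 128        /* constructed signature size for this example */

/* Before the refactoring: the body is a stack array, so sizeof() is its size. */
size_t room_stack_array(size_t len)
{
  uint8_t cell_body[CELL_BODY_LEN];
  return sizeof(cell_body) - len;
}

/* After the refactoring, same expression: sizeof() is now the size of a
 * pointer, and the size_t subtraction wraps once len exceeds it. */
size_t room_pointer_buggy(const uint8_t *cell_body_out, size_t len)
{
  return sizeof(cell_body_out) - len;
}

/* Hypothetical signer: refuses to write unless the caller-reported room
 * (tolen) fits a signature. A wrapped tolen would always pass this check. */
static int toy_sign(uint8_t *to, size_t tolen, const uint8_t *from, size_t fromlen)
{
  if (tolen < SIG_LEN) return -1;
  memset(to, 0, SIG_LEN);
  for (size_t i = 0; i < fromlen; i++)
    to[i % SIG_LEN] ^= from[i];  /* placeholder mixing, not a real signature */
  return SIG_LEN;
}

/* Corrected shape: the caller passes the buffer length explicitly. */
int encode_fixed(uint8_t *cell_body_out, size_t cell_body_out_len,
                 const uint8_t *payload, size_t len)
{
  if (len > cell_body_out_len) return -1;
  memcpy(cell_body_out, payload, len);
  int r = toy_sign(cell_body_out + len, cell_body_out_len - len,
                   cell_body_out, len);
  return r < 0 ? -1 : (int)len + r;
}

int main(void)
{
  uint8_t buf[CELL_BODY_LEN], payload[100] = {0};
  printf("array: %zu, pointer: %zu, fixed: %d\n", room_stack_array(100),
         room_pointer_buggy(buf, 100), encode_fixed(buf, sizeof(buf), payload, 100));
  return 0;
}
```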

Change History (2)

comment:1 Changed 3 years ago by dgoulet

Status: new → merge_ready

See branch: bug21553_031_01. Going in merge_ready, this is pretty straightforward.

This is flagged for 030 backport as well for the next alpha.

comment:2 Changed 3 years ago by nickm

Milestone: Tor: 0.3.1.x-final → Tor: 0.3.0.x-final
Resolution: fixed
Status: merge_ready → closed

Cherry-picked to 0.3.0, whitespace fixed, and merged forward.