Opened 3 months ago

Closed 3 months ago

#21553 closed defect (fixed)

hs: bad use of sizeof() in encode_establish_intro_cell_legacy

Reported by: dgoulet
Owned by:
Priority: Medium
Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 030-backport, tor-hs
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Found by clang analysis:

  r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len,
                                    sizeof(cell_body_out)-len,
                                    cell_body_out, len);

The sizeof() here is wrong because cell_body_out is a pointer. However, we've been saved by the fact that this length is *not* used by the crypto_pk_private_sign_digest() call except for an assert.

This was introduced by a refactoring which went from having the body on the stack to a pointer as a function parameter.
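
The array-to-pointer pitfall described in this ticket, as an added example that is not part of the ticket or of Tor's code. The buffer size, signature size, `sig_fits()` and the three `fits_*` functions are constructed for illustration; `sig_fits()` stands in for any callee that checks the length it is given.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CELL_BODY_LEN 509 /* constructed buffer size for this sketch */
#define SIG_LEN 128       /* constructed signature size */

/* Hypothetical stand-in for a callee's size check (not Tor's code):
 * reports whether a signature fits in the space the caller claims. */
static int sig_fits(size_t tolen) { return tolen >= SIG_LEN; }

/* Before the refactoring: the body is a stack array, so sizeof() is the
 * array size and the subtraction gives the real space left. */
int fits_stack_array(size_t len)
{
  uint8_t cell_body[CELL_BODY_LEN];
  (void)cell_body;
  return sig_fits(sizeof(cell_body) - len);
}

/* After the refactoring, bug kept on purpose: cell_body_out is a pointer,
 * so sizeof() is the pointer size (4 or 8). For len larger than that the
 * unsigned subtraction wraps to a huge value. */
int fits_pointer_buggy(uint8_t *cell_body_out, size_t len)
{
  (void)cell_body_out;
  return sig_fits(sizeof(cell_body_out) - len);
}

/* One way to fix it: the caller passes the capacity explicitly. */
int fits_pointer_fixed(uint8_t *cell_body_out, size_t out_len, size_t len)
{
  (void)cell_body_out;
  if (len > out_len)
    return 0;
  return sig_fits(out_len - len);
}

int main(void)
{
  uint8_t body[CELL_BODY_LEN];
  size_t lens[] = { 4, 450 };
  for (int i = 0; i < 2; i++)
    printf("len=%zu array=%d buggy=%d fixed=%d\n", lens[i],
           fits_stack_array(lens[i]), fits_pointer_buggy(body, lens[i]),
           fits_pointer_fixed(body, sizeof(body), lens[i]));
  return 0;
}
```

The buggy variant is wrong in both directions: it rejects a signature that fits (len=4) and accepts one that does not (len=450), which is why a length derived from `sizeof()` on a pointer cannot be trusted by any check that consumes it.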

Change History (2)

comment:1 Changed 3 months ago by dgoulet

  • Status changed from new to merge_ready

See branch: bug21553_031_01. Going in merge_ready, this is pretty straightforward.

This is flagged for 030 backport as well for the next alpha.

comment:2 Changed 3 months ago by nickm

  • Milestone changed from Tor: 0.3.1.x-final to Tor: 0.3.0.x-final
  • Resolution set to fixed
  • Status changed from merge_ready to closed

Cherry-picked to 0.3.0, whitespace fixed, and merged forward.
