Opened 2 years ago

Closed 2 years ago

#24247 closed defect (fixed)

Fuzzing: check_signature mock can be fooled by a really short key.

Reported by: nickm
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor
Severity: Normal

Description (last modified by nickm)

Our mock function, mock_crypto_pk_public_checksig__nocheck, fails to behave properly when it gets a ridiculously short key: the caller will have allocated a small amount, but we'll write a 20-byte digest.

This is causing a false positive on OSS-Fuzz.
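
The failure mode described above, as an added example that is not Tor's code and not part of the ticket: a mock that always writes a 20-byte digest, next to a variant that checks the caller's buffer length first. The function names, the signature reduced to the output buffer, and the canary arena are assumptions made for illustration; only the 20-byte digest size comes from the ticket.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20  /* bytes the mock pretends to recover */
#define ARENA_LEN  64  /* constructed arena, larger than DIGEST_LEN */
#define CANARY     0xAA

/* Hypothetical checksig-style signature, reduced to the output buffer. */
typedef int (*checksig_fn)(char *to, size_t tolen);

/* The pattern the ticket describes: always writes DIGEST_LEN bytes. */
static int mock_unchecked(char *to, size_t tolen)
{
  (void)tolen;
  memset(to, 0x01, DIGEST_LEN);
  return DIGEST_LEN;
}

/* Bounded variant: fail when the caller's buffer cannot hold the digest. */
static int mock_bounded(char *to, size_t tolen)
{
  if (tolen < DIGEST_LEN)
    return -1;
  memset(to, 0x01, DIGEST_LEN);
  return DIGEST_LEN;
}

/* Give fn a tolen-byte region of a canary arena; count bytes changed past it. */
static size_t bytes_past_end(checksig_fn fn, size_t tolen, int *rv)
{
  unsigned char arena[ARENA_LEN];
  size_t i, clobbered = 0;
  memset(arena, CANARY, sizeof(arena));
  *rv = fn((char *)arena, tolen);
  for (i = tolen; i < sizeof(arena); i++)
    clobbered += (arena[i] != CANARY);
  return clobbered;
}

int main(void)
{
  int rv;
  size_t n = bytes_past_end(mock_unchecked, 8, &rv);
  printf("unchecked: rv=%d, %zu bytes past an 8-byte buffer\n", rv, n);
  n = bytes_past_end(mock_bounded, 8, &rv);
  printf("bounded:   rv=%d, %zu bytes past an 8-byte buffer\n", rv, n);
  return 0;
}
```

Because the output region sits inside a larger arena, the unchecked write stays within one object and can be measured without undefined behaviour; under a fuzzer with a sanitizer, the same write into a genuinely small allocation is what gets reported.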

Change History (3)

comment:1 Changed 2 years ago by nickm

Description: modified (diff)

comment:2 Changed 2 years ago by nickm

Status: assigned → needs_review

My branch bug24247_032 has a fix here. I'm merging it to master so OSS-Fuzz can confirm it; we should (could) consider it for an 0.3.2 backport.

comment:3 Changed 2 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Backported to 0.3.2, since it didn't explode over the weekend.
