Opened 19 months ago
Closed 19 months ago
#26093 closed defect (not a bug)
memalign() may fail
| Reported by: | Dhiraj | Owned by: | |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Core Tor/Tor | Version: | |
| Severity: | Normal | Keywords: | |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Hi Team,
I am not sure about this issue please advise,
https://github.com/torproject/tor/blob/master/src/ext/OpenBSD_malloc_Linux.c#L295
i.e
void *memalign(size_t boundary, size_t size);
On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable.
Also note that memalign() may not check that the boundary parameter is correct such as (CWE-676).
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
Request team to please have a look.
Regards
Dhiraj
Child Tickets
Change History (3)
comment:1 Changed 19 months ago by
| Component: | - Select a component → Core Tor/Tor |
|---|
comment:2 Changed 19 months ago by
comment:3 Changed 19 months ago by
| Resolution: | → not a bug |
|---|---|
| Status: | new → closed |
But that's dead code...
$ ag memalign src/ext/OpenBSD_malloc_Linux.c 295:void *memalign(size_t boundary, size_t size); 1992:int posix_memalign(void **memptr, size_t alignment, size_t size) 2015:void *memalign(size_t boundary, size_t size) 2018: posix_memalign(&r, boundary, size); 2025: posix_memalign(&r, malloc_pagesize, size);
memalign() in OpenBSD_malloc_Linux.c is not used anywhere and not even compiled in by default.
Depends #20424 resolution.