Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#3376 closed defect (fixed)

[PATCH] Avoid a NULL dereference in node nickname comparison.

Reported by: meyering Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

  • src/or/routerlist.c (node_nickname_matches): Don't dereference NULL

via hex_digest_nickname_matches when node_get_nickname returns NULL.
Spotted by Coverity.

Child Tickets

Attachments (1)

tor-nick-null-deref.patch (1.0 KB) - added by meyering 6 years ago.

Download all attachments as: .zip

Change History (7)

Changed 6 years ago by meyering

Attachment: tor-nick-null-deref.patch added

comment:1 Changed 6 years ago by Sebastian

Hrm, where is the result actually dereferenced? I don't see it currently.

comment:2 Changed 6 years ago by nickm

Hrm, where is the result actually dereferenced? I don't see it currently.

The value n is passed as "nickname" to hex_digest_nickname_matches(), where it can be passed to strcasecmp.

I think that this fix is incorrect. Assuming it becomes possible to have a node_t without a nickname, we would still want it to match "$identity". So I believe the right fix is instead to change hex_digest_nickname_matches so that it tolerates nickname==NULL correctly.

comment:3 Changed 6 years ago by nickm

Milestone: Tor: 0.2.3.x-final

comment:4 Changed 6 years ago by nickm

Resolution: fixed
Status: newclosed

Looks like I went and fixed this for Coverity back in eca982d3eb1e7 ; marking this one as closed

comment:5 Changed 5 years ago by nickm

Keywords: tor-relay added

comment:6 Changed 5 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.