Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#4195 closed defect (fixed)

Stop using sscanf in rephist

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

To avoid well-known pitfalls, we use tor_sscanf in lieu of the system libc's sscanf.... everywhere except for 3 calls in rephist.c.

To fix those, we need support for %lu, %lf, %ld, and %d in tor_sscanf.

This is also coverity issue CID 448.

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by nickm

Status: newneeds_review

See branch sscanf in my public repository.

comment:2 Changed 8 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: 0.2.4.x-final

This is fiddly enough that I'm tossing it into 0.2.4.x. I hope somebody reviews it.

comment:3 Changed 7 years ago by andrea

This mostly looks okay to me. Two possible issues:

  • Should scan_signed() use scan_unsigned after it parses the '-' instead of duplicating that functionality?
  • Is scan_double() ever going to be used for user-supplied floating-point values? Should we perhaps document somewhere that it doesn't parse things like '2.56E+02'?

comment:4 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Thanks for the review!

Added some fixup! commits in branch sscanf; squashed and rebased in branch sscanf_squashed. Merged sscanf_squashed into master.

comment:5 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:6 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.