Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4434 closed defect (implemented)

Buffer bounds check bug in tor_addr_to_str

Reported by: 4ZM Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Buffer bounds check bug in tor_addr_to_str

Fix available @ https://github.com/4ZM/Tor
Branch: topic/test/address
Commit: 5d6cfb940ac72b32532fc8437a81371511c027ee

Change History (7)

comment:1 Changed 8 years ago by 4ZM

Status: new → needs_review

comment:2 Changed 8 years ago by nickm

Looks good! I can cherry-pick this commit if you want, or wait for a cleaned-up branch that doesn't also have #4433 and #4432 on it.

Small stuff to fix or not, your choice:

The failing test_eq checks should probably be doing a test_ptr_eq test for NULL; test_eq is (conceptually) supposed to be for numeric types.

From a black-box testing perspective, I note that in all the cases that test for a "too short buf", the buffer length is smaller than the smallest possible value of that type. Does it also work correctly in the case where (for example) we want to put the address 255.255.255.255 into a 10-byte buffer?
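The boundary case raised in comment:2, as an added example that is not code from the ticket, the linked branch, or Tor: a probe that tries every buffer length and confirms the formatter rejects lengths too short for the specific address without writing past the declared size. `ipv4_to_str` and `min_accepted_len` are hypothetical names, and the formatter is only a stand-in so the probe has something to exercise.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in, not Tor's tor_addr_to_str: format a host-order IPv4
 * address into dest (len bytes). Returns dest, or NULL if it does not fit. */
static const char *
ipv4_to_str(char *dest, size_t len, uint32_t addr)
{
  char tmp[sizeof("255.255.255.255")]; /* longest form plus NUL: 16 bytes */
  int n = snprintf(tmp, sizeof(tmp), "%u.%u.%u.%u",
                   (unsigned)(addr >> 24), (unsigned)((addr >> 16) & 0xff),
                   (unsigned)((addr >> 8) & 0xff), (unsigned)(addr & 0xff));
  if (n < 0 || (size_t)n >= sizeof(tmp))
    return NULL;
  /* Compare against this address's own length; +1 is the terminating NUL. */
  if (dest == NULL || len < (size_t)n + 1)
    return NULL;
  memcpy(dest, tmp, (size_t)n + 1);
  return dest;
}

/* Black-box probe: try every buffer length from 0 to 16 and return the
 * smallest one the formatter accepts. Returns 0 if any call wrote at or
 * beyond the declared length (guard bytes changed). */
static size_t
min_accepted_len(uint32_t addr)
{
  char buf[32];
  for (size_t len = 0; len <= 16; ++len) {
    memset(buf, 0x5a, sizeof(buf)); /* guard pattern */
    const char *r = ipv4_to_str(buf, len, addr);
    for (size_t i = len; i < sizeof(buf); ++i)
      if (buf[i] != 0x5a)
        return 0; /* overrun detected */
    if (r != NULL)
      return len;
  }
  return 0;
}

int
main(void)
{
  printf("255.255.255.255 needs %zu bytes\n", min_accepted_len(0xffffffffu));
  printf("0.0.0.0 needs %zu bytes\n", min_accepted_len(0));
  return 0;
}
```

A 10-byte buffer is large enough for `0.0.0.0` but not for `255.255.255.255`, which is why a test that only uses buffers below the minimum size can miss an off-by-one in the length check.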

comment:3 Changed 8 years ago by 4ZM

Please hold off on cherry-picking this.

I will clean up the branch and impl. the changes you suggested. I'll let you know when it's done.

comment:4 Changed 8 years ago by 4ZM

The git repo has been cleaned up and the suggestions implemented.

While implementing the "longer address" suggestion I stumbled across another bug in tor_inet_ntop. This is also fixed on this branch.

The new branch is: topic/test/4434_address @ https://github.com/4ZM/Tor

comment:5 Changed 8 years ago by nickm

Resolution: implemented
Status: needs_review → closed

Looks good!

Adding a changes file and merging.

comment:6 Changed 7 years ago by nickm

Keywords: tor-client added

comment:7 Changed 7 years ago by nickm

Component: Tor Client → Tor