Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#6811 closed defect (fixed)

Crash bug in tor_timegm

Reported by: nickm Owned by:
Priority: Very High Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


It looks like the assertion in tor_timegm is triggerable with bad inputs, according to asn. That's no good: we call it on untrusted inputs from directory objects.

Latest version of my preferred fix is in branch "timegm_assert_v2". It needs a little cleanup and a changes file. It might not be minimal.

Child Tickets

#6832closedAdd a unit test of the offending tor_timegm() inputCore Tor/Tor

Change History (6)

comment:1 Changed 8 years ago by nickm

Status: newneeds_review

comment:2 Changed 8 years ago by nickm

See timegm_assert_v2_squashed for the latest.

comment:3 Changed 8 years ago by nickm

Now see timegm_assert_v3

comment:4 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

timegm_assert_v3_squashed is what I'm merging.

comment:5 Changed 8 years ago by nickm

Keywords: tor-relay added

comment:6 Changed 8 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.