Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#6811 closed defect (fixed)

Crash bug in tor_timegm

Reported by: nickm Owned by:
Priority: critical Milestone: Tor: 0.2.2.x-final
Component: Tor Version:
Keywords: tor-relay Cc:
Actual Points: Parent ID:
Points:

Description

It looks like the assertion in tor_timegm is triggerable with bad inputs, according to asn. That's no good: we call it on untrusted inputs from directory objects.

Latest version of my preferred fix is in branch "timegm_assert_v2". It needs a little cleanup and a changes file. It might not be minimal.

Child Tickets

TicketSummaryOwner
#6832Add a unit test of the offending tor_timegm() input

Change History (6)

comment:1 Changed 19 months ago by nickm

  • Status changed from new to needs_review

comment:2 Changed 19 months ago by nickm

See timegm_assert_v2_squashed for the latest.

comment:3 Changed 19 months ago by nickm

Now see timegm_assert_v3

comment:4 Changed 19 months ago by nickm

  • Resolution set to fixed
  • Status changed from needs_review to closed

timegm_assert_v3_squashed is what I'm merging.

comment:5 Changed 19 months ago by nickm

  • Keywords tor-relay added

comment:6 Changed 19 months ago by nickm

  • Component changed from Tor Relay to Tor
Note: See TracTickets for help on using tickets.