[tor-bugs] #2331 [Tor Relay]: Possible integer overflows in base32_encode, base32_decode
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Jan 3 20:23:09 UTC 2011
#2331: Possible integer overflows in base32_encode, base32_decode
-----------------------+----------------------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.2.x-final
Component: Tor Relay | Version:
Keywords: easy | Parent:
-----------------------+----------------------------------------------------
Changes (by nickm):
* priority: critical => normal
* milestone: Tor: 0.2.1.x-final => Tor: 0.2.2.x-final
Comment:
Hm. Fortunately, we never use base32_encode/base32_decode for anything
other than:
* generating random hostnames from values of lengths that never approach
UINT_MAX/8
* manipulating hidden service IDs and secrets, where every use case
involves a constant input length and a constant output length, neither of
which approaches UINT_MAX/8.
So this isn't triggerable for now afaict. We should fix it anyway, of
course.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2331#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list