[tor-bugs] #10363 [Tor]: Avoid additional pointer overflow in channeltls.c:channel_tls_process_certs_cells
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 11 19:41:46 UTC 2013
#10363: Avoid additional pointer overflow in
channeltls.c:channel_tls_process_certs_cells
------------------------+-------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: 024-backport 023-backport tor-relay
Actual Points: | Parent ID:
Points: |
------------------------+-------------------------------------------------
Description changed by nickm:
Old description:
> See #101313 for general discription.
>
> On IRC, bobnomnom notes a similar issue with
> channel_tls_process_certs_cells. In this case, the compiler can't easily
> optimize the pointer comparison away, so we don't need to worry about
> that, but technically speaking we might be constructing a pointer that
> wraps around ((void*)-1), which would give incorrect results.
>
> And undefined behavior is very bad. So let's just fix this. Let's hunt
> for other places it occurs too.
New description:
See #10313 for general discription.
On IRC, bobnomnom notes a similar issue with
channel_tls_process_certs_cells. In this case, the compiler can't easily
optimize the pointer comparison away, so we don't need to worry about
that, but technically speaking we might be constructing a pointer that
wraps around ((void*)-1), which would give incorrect results.
And undefined behavior is very bad. So let's just fix this. Let's hunt
for other places it occurs too.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10363#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list