[tor-bugs] #17739 [Tor]: Refactor clock skew warning code to avoid duplication
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 10 20:22:20 UTC 2015
#17739: Refactor clock skew warning code to avoid duplication
---------------------------------------------+-----------------------------
Reporter: teor | Owner:
Type: enhancement | Status:
Priority: Medium | needs_revision
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: easy refactor TorCoreTeam201512 | Version: Tor:
Parent ID: #9675 | unspecified
Sponsor: | Resolution:
| Actual Points:
| Points:
---------------------------------------------+-----------------------------
Changes (by teor):
* status: needs_review => needs_revision
Comment:
We're almost there!
Looks great, except for this one bit:
{{{
if (conn)
tor_asprintf(&source, "%s:%s:%d", source, conn->address, conn->port);
}}}
We can't guarantee that source will be large enough to hold the combined
strings of source, conn->address, and conn->port. (And reading from a
string to print into itself is risky, even if it works. It's much nicer to
take read-only strings.)
Please use a (stack allocated) buffer that's large enough to hold a
reasonable-length source / address / port string:
* all the existing sources are under 20 characters long,
* a max-length IPv6 address, and max-length port are MAX_ADDRESS_LENGTH
long.
If you use tor_snprintf, it will make sure you don't go over the length of
the buffer.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17739#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list