[tor-bugs] #26522 [Core Tor/Tor]: strncat() without bounds
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 27 11:58:15 UTC 2018
#26522: strncat() without bounds
----------------------------------------+----------------------------------
Reporter: Dhiraj | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: security-low, 035-proposed | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------+----------------------------------
Changes (by teor):
* keywords: => security-low, 035-proposed
* version: Tor: unspecified =>
* milestone: => Tor: unspecified
Comment:
Marking as "security-low" in 0.3.5, because our use of strncat() is a
defence in depth mechanism that doesn't provide as much security as it
should:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
We should review all uses of strncat() to make sure we always pass the
*remaining*string length.
(And all uses of strlcat() to make sure we check the return value.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26522#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list