[tor-bugs] #26093 [- Select a component]: memalign() may fail
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun May 13 05:49:17 UTC 2018
#26093: memalign() may fail
--------------------------------------+--------------------
Reporter: Dhiraj | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
Hi Team,
I am not sure about this issue please advise,
https://github.com/torproject/tor/blob/master/src/ext/OpenBSD_malloc_Linux.c#L295
i.e
void *memalign(size_t boundary, size_t size);
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable.
Also note that memalign() may not check that the boundary parameter is
correct such as (CWE-676).
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to
valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is
no longer defined in SUSv3. In some cases, malloc()'s alignment may be
sufficient.
Request team to please have a look.
Regards
Dhiraj
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26093>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list