[tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 2 14:42:09 UTC 2019
#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
------------------------------+--------------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: coverity
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
Got two new coverity issues:
{{{
*** CID 1444908: Concurrent data access violations (MISSING_LOCK)
/src/test/rng_test_helpers.c: 190 in testing_enable_prefilled_rng()
184 {
185 tor_assert(buflen > 0);
186 rng_mutex = tor_mutex_new();
187
188 prefilled_rng_buffer = tor_memdup(buffer, buflen);
189 prefilled_rng_buflen = buflen;
>>> CID 1444908: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "prefilled_rng_idx" without holding lock
"tor_mutex_t.mutex". Elsewhere, "prefilled_rng_idx" is accessed with
>>> "tor_mutex_t.mutex" held 3 out of 4 times (1 of these accesses
strongly imply that it is necessary).
190 prefilled_rng_idx = 0;
191
192 MOCK(crypto_rand, crypto_rand_prefilled);
193 MOCK(crypto_strongest_rand_, mock_crypto_strongest_rand);
194 }
195
** CID 1444769: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1444769: Insecure data handling (TAINTED_SCALAR)
/src/feature/nodelist/microdesc.c: 540 in microdesc_cache_reload()
534 }
535
536 journal_content = read_file_to_str(cache->journal_fname,
537 RFTS_IGNORE_MISSING, &st);
538 if (journal_content) {
539 cache->journal_len = (size_t) st.st_size;
>>> CID 1444769: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "journal_content" to a tainted sink.
540 warn_if_nul_found(journal_content, cache->journal_len, 0,
541 "reading microdesc journal");
542 added = microdescs_add_to_cache(cache, journal_content,
543 journal_content+st.st_size,
544 SAVED_IN_JOURNAL, 0, -1,
NULL);
545 if (added) {
}}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30361>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list