[tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 17 19:33:25 UTC 2019
#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: needs_revision
Priority: Low | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: easy overflow | Actual Points: 0.2
Parent ID: | Points:
Reviewer: teor | Sponsor:
---------------------------+------------------------------------
Comment (by guigom):
Replying to [comment:24 nickm]:
> Looks good to me too. It just needs some documentation updates and (I
think) a sign check.
Which documentation specifically? torrc options in the man page?
About the sign check (if I understand correctly, checking if possitive),
is this because {{{tor_parse_double}}} does not indeed use the {{{min}}}
parameter?
Wouldn't the bit sign for negative numbers end up giving a uint
representation greater than INT64_MAX thus failing the uint check?
{{{
double
tor_parse_double(const char *s, double min, double max, int *ok, char
**next)
{
char *endptr;
double r;
errno = 0;
r = strtod(s, &endptr);
CHECK_STRTOX_RESULT();
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list