[tor-bugs] #33140 [Core Tor]: Clusterfuzz environment flags reused for dependencies

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 3 16:13:10 UTC 2020


#33140: Clusterfuzz environment flags reused for dependencies
-----------------------------------+------------------------
 Reporter:  cypherpunks            |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Core Tor               |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  clusterfuzz, oss-fuzz  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by nickm):

 > This sounds wrong. If we're fuzzing tor then why are we also
 > instrumenting dependencies for clusterfuzz? It looks like the dependencies
 > should override these flags when built to avoid conflicts.

 I'm no fuzzing expert, but here is my understanding:

 I think we want to instrument everything, so that we can find it when code
 outside of Tor is caused by Tor to leak memory, invoke undefined behavior,
 or whatever.

 Even though openssl is fuzzed itself, that's no guarantee that Tor is
 using openssl correctly: we might be invoking an openssl function with a
 too-short buffer, or using it with an uninitialized object.  If we did,
 then the fuzzers might not find that unless the openssl code that we're
 using is also implemented.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33140#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
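As an added check, not part of the ticket or of tor's build scripts: a POSIX shell function set a build can run after compiling dependencies, which greps each object, archive or shared library for the runtime entry points that sanitizer- or coverage-instrumented code references (`__asan_init`, `__sanitizer_cov_trace_pc_guard`, ...), so a dependency that silently dropped the fuzzing CFLAGS is reported rather than left uninstrumented. The marker list and the assumption that symbol names survive in .dynstr/.symtab (i.e. objects are not fully stripped) are mine.

```shell
#!/bin/sh
# Runtime entry points that sanitizer / coverage instrumented code references.
# (assumed marker list; extend for other sanitizers as needed)
SAN_MARKERS='__asan_init __msan_init __tsan_init __ubsan_handle_ __sanitizer_cov_trace_pc_guard __sanitizer_cov_8bit_counters_init'

# sanitizer_markers FILE -> prints each marker found in FILE, one per line.
# Uses grep -a so a binary is scanned like text; exit 2 if FILE is unreadable.
sanitizer_markers() {
  f=$1
  [ -r "$f" ] || return 2
  for m in $SAN_MARKERS; do
    grep -aq -- "$m" "$f" && printf '%s\n' "$m"
  done
  return 0
}

# is_instrumented FILE -> exit 0 if at least one marker is present, 1 otherwise.
is_instrumented() {
  [ -n "$(sanitizer_markers "$1")" ]
}

# check_tree DIR -> report every .o/.a/.so under DIR that carries no marker.
# Exit 0 only if everything is instrumented (paths with spaces unsupported).
check_tree() {
  missing=0
  for obj in $(find "$1" -type f \( -name '*.o' -o -name '*.a' \
                                 -o -name '*.so' -o -name '*.so.*' \)); do
    if ! is_instrumented "$obj"; then
      printf 'NOT instrumented: %s\n' "$obj"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}
```

Run `check_tree` against the dependency install prefix after the dependency build step; a non-zero exit means some object was compiled without the sanitizer or coverage flags.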