subject:"Re\: \[tor\-bugs\] #19223 \[Core Tor\/Tor\]\: Potential heap corruption in do

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-10-11 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  closed
 Priority:  Low  |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-bug-bounty, 028-backport,|  Actual Points:
  isaremoved, nickwants029, review-group-10  |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 lgtm; merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-10-10 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Low  |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  tor-bug-bounty, 028-backport,|  Actual Points:
  isaremoved, nickwants029, review-group-10  |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * status:  needs_review => merge_ready


Comment:

 Hello,

 I reviewed nherring's patch and it seems alright. I also tested it against
 Guido's PoC and ASAN does not crash anymore.

 BTW, since no branch was provided, I pushed nherring's patch on my repo as
 `bug19223` and also added a changes file. Please check it out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-09-30 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  Low  |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  tor-bug-bounty, 028-backport,|  Actual Points:
  isaremoved nickwants029|
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  new => needs_review
 * milestone:  Tor: 0.2.??? => Tor: 0.2.9.x-final


Comment:

 Hi! Ive marked this for review, and since it's small, I've marked it for
 potential inclusion in 0.2.9.

 For more information about tests, code review, submission, etc, look at
 the doc/HACKING subdirectory of the Tor source tree, especially
 doc/HACKING/GettingStarted.md

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-09-30 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Low  |  Milestone:  Tor:
 |  0.2.???
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  tor-bug-bounty, 028-backport,|  Actual Points:
  isaremoved nickwants029|
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-

Comment (by nherring):

 Have a suggested fix, but don't know the model for adding tests, code
 review, submission, etc. Ptr to FAQ/instructions appreciated.

 {{{
 $ git diff src/or/routerkeys.c
 diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
 index 060ffd8..d5e7051 100644
 --- a/src/or/routerkeys.c
 +++ b/src/or/routerkeys.c
 @@ -48,8 +48,8 @@ do_getpass(const char *prompt, char *buf, size_t buflen,
  size_t p2len = strlen(prompt) + 1;
  if (p2len < sizeof(msg))
p2len = sizeof(msg);
 -prompt2 = tor_malloc(strlen(prompt)+1);
 -memset(prompt2, ' ', p2len);
 +prompt2 = tor_malloc(p2len);
 +memset(prompt2, ' ', p2len - sizeof(msg));
  memcpy(prompt2 + p2len - sizeof(msg), msg, sizeof(msg));

  buf2 = tor_malloc_zero(buflen);
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-08-12 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Low  |  Milestone:  Tor:
 |  0.2.???
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  tor-bug-bounty, 028-backport,|  Actual Points:
  isaremoved nickwants029|
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  tor-bug-bounty, 028-backport, isaremoved => tor-bug-bounty,
 028-backport, isaremoved nickwants029


Comment:

 This would IMO be even less than .5 points to fix, and it implies a
 potential security issue down the road if we don't.  (We would be kicking
 ourselves if this ever bit us.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

2016-06-02 Thread Tor Bug Tracker & Wiki

#19223: Potential heap corruption in do_getpass in routerkeys.c
-+-
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Low  |  Milestone:  Tor:
Component:  Core Tor/Tor |  0.2.9.x-final
 Severity:  Normal   |Version:  Tor:
 Keywords:  tor-bug-bounty 028-backport  |  unspecified
Parent ID:   | Resolution:
 Reviewer:   |  Actual Points:
 | Points:  0.5
 |Sponsor:
-+-
Changes (by nickm):

 * keywords:  tor-bug-bounty => tor-bug-bounty 028-backport
 * milestone:  Tor: 0.2.??? => Tor: 0.2.9.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

Re: [tor-bugs] #19223 [Core Tor/Tor]: Potential heap corruption in do_getpass in routerkeys.c

6 matches

Site Navigation

Mail list logo

Footer information