Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
---+---
 Reporter:  asn|  Owner:  rl1987
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  coverity, regression?, 041-should  |  Actual Points:
Parent ID: | Points:
 Reviewer:  ahf|Sponsor:
---+---
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Okay -- squashed and merged.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
---+---
 Reporter:  asn|  Owner:  rl1987
 Type:  defect | Status:
   |  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  coverity, regression?, 041-should  |  Actual Points:
Parent ID: | Points:
 Reviewer:  ahf|Sponsor:
---+---
Changes (by ahf):

 * status:  needs_review => merge_ready


Comment:

 I think this looks good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
---+---
 Reporter:  asn|  Owner:  rl1987
 Type:  defect | Status:
   |  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  coverity, regression?, 041-should  |  Actual Points:
Parent ID: | Points:
 Reviewer:  ahf|Sponsor:
---+---
Changes (by rl1987):

 * status:  assigned => needs_review


Comment:

 That makes the patch simpler, so let's try it.

 https://github.com/torproject/tor/pull/1035

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
---+---
 Reporter:  asn|  Owner:  rl1987
 Type:  defect | Status:  assigned
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  coverity, regression?, 041-should  |  Actual Points:
Parent ID: | Points:
 Reviewer:  ahf|Sponsor:
---+---
Changes (by rl1987):

 * status:  needs_revision => assigned
 * owner:  (none) => rl1987


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:  ahf   |Sponsor:
--+
Changes (by ahf):

 * status:  needs_review => needs_revision


Comment:

 The fix for 1444908 seems OK, but I don't think the fix for 1444769 is
 right. Changing the NUL bytes to ' ' seems like it will just yield weird
 results later iff that path is taken. We can't set the file length to the
 length of the string up until the first NUL byte/EOF?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:  ahf   |Sponsor:
--+
Changes (by dgoulet):

 * reviewer:   => ahf


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by rl1987):

 * status:  new => needs_review


Comment:

 https://github.com/torproject/tor/pull/1001

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  coverity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Got two new coverity issues:

 {{{
 *** CID 1444908:  Concurrent data access violations  (MISSING_LOCK)
 /src/test/rng_test_helpers.c: 190 in testing_enable_prefilled_rng()
 184 {
 185   tor_assert(buflen > 0);
 186   rng_mutex = tor_mutex_new();
 187
 188   prefilled_rng_buffer = tor_memdup(buffer, buflen);
 189   prefilled_rng_buflen = buflen;
 >>> CID 1444908:  Concurrent data access violations  (MISSING_LOCK)
 >>> Accessing "prefilled_rng_idx" without holding lock
 "tor_mutex_t.mutex". Elsewhere, "prefilled_rng_idx" is accessed with
 >>> "tor_mutex_t.mutex" held 3 out of 4 times (1 of these accesses
 strongly imply that it is necessary).
 190   prefilled_rng_idx = 0;
 191
 192   MOCK(crypto_rand, crypto_rand_prefilled);
 193   MOCK(crypto_strongest_rand_, mock_crypto_strongest_rand);
 194 }
 195

 ** CID 1444769:  Insecure data handling  (TAINTED_SCALAR)

 

 *** CID 1444769:  Insecure data handling  (TAINTED_SCALAR)
 /src/feature/nodelist/microdesc.c: 540 in microdesc_cache_reload()
 534   }
 535
 536   journal_content = read_file_to_str(cache->journal_fname,
 537  RFTS_IGNORE_MISSING, );
 538   if (journal_content) {
 539 cache->journal_len = (size_t) st.st_size;
 >>> CID 1444769:  Insecure data handling  (TAINTED_SCALAR)
 >>> Passing tainted variable "journal_content" to a tainted sink.
 540 warn_if_nul_found(journal_content, cache->journal_len, 0,
 541   "reading microdesc journal");
 542 added = microdescs_add_to_cache(cache, journal_content,
 543 journal_content+st.st_size,
 544 SAVED_IN_JOURNAL, 0, -1,
 NULL);
 545 if (added) {
 

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs