#22626: Missing stream NULL check in tor_compress_impl ---------------------------+------------------------------------ Reporter: teor | Owner: ahf Type: defect | Status: assigned Priority: Medium | Milestone: Tor: 0.3.1.x-final Component: Core Tor/Tor | Version: Tor: 0.3.1.1-alpha Severity: Normal | Resolution: Keywords: memory-safety | Actual Points: Parent ID: #22502 | Points: 1 Reviewer: | Sponsor: ---------------------------+------------------------------------
Comment (by teor): I wonder if it would be best to tor_assert() on UNKNOWN_METHOD, or BUG(), and then return a non-NULL state. An edge case where we don't check state correctly before calling could easily turn into a DoS bug. {{{ case UNKNOWN_METHOD: goto err; } atomic_counter_add(&total_compress_allocation, sizeof(tor_compress_state_t)); return state; err: tor_free(state); return NULL; }}} -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22626#comment:4> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs