#22926: The Tor compression code can call functions that are NULL -----------------------------+------------------------------------ Reporter: teor | Owner: ahf Type: defect | Status: needs_revision Priority: Medium | Milestone: Tor: 0.3.3.x-final Component: Core Tor/Tor | Version: Tor: 0.3.1.1-alpha Severity: Normal | Resolution: Keywords: review-group-32 | Actual Points: Parent ID: | Points: 1 Reviewer: mikeperry | Sponsor: -----------------------------+------------------------------------
Comment (by Hello71): Replying to [comment:25 teor]: > shadow's tor plugin will fail this test, as will many platforms that use tor as a library. did you test this? if so, what steps exactly did you use? as far as I can tell, shadow-plugin-tor: 1. does not use weak linking at all 2. does not actually build the plugin using autotools, so almost any "funny business" that the plugin build process could do would not be detected by any configure.ac checks anyways. however, after extensive research, I have found that apparently on Mac, the linker (whose official man page is not even available online!) allows you to shoot your whole limb off at the same time using the poorly- engineered `-weak_reference_mismatches` and `-weak-l` options. as pointed out in the man page, these options are poorly designed because it silently alters the behavior of unrelated program code. these options are in fact so poorly conceived that Googling for "weak_reference_mismatches" returns almost entirely results saying to turn it off. however! even if this option is passed, I am still convinced that the configure check will be almost entirely ineffective for three reasons. 1. assuming the library is installed correctly, even if the user has enabled the limb-gun option, this configure check will pass just fine, and even the build products will function correctly. only if the user subsequently *uninstalls* the library, tor will suddenly start crashing. (and again, only if you used the limb-gun option.) 2. if the library provides only a subset of the necessary symbols, tor will compile but fail to run. unfortunately, the configure check still doesn't help, because it only checks that the version function works (which is the only function sorta guaranteed not to ever change, the opposite of the requirement here), not that all the functions work. 3. as far as I know, autotools does not support magically configuring an executable to be compiled as a shared library instead. this is why shadow- plugin-tor doesn't bother and builds tor with cmake instead. this configure check will obviously not work if it is not called. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22926#comment:26> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs