#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: new
Priority: Low | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: easy overflow | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+------------------------------------
Changes (by teor):
* milestone: Tor: 0.4.2.x-final => Tor: 0.4.3.x-final
Comment:
Replying to [comment:12 guigom]:
> I haven't opened a PR yet but my branch for this ticket is in
[https://github.com/JMGuisadoG/tor/tree/ticket30920]
>
> * Commit adding the u64_nowrap_mul & tests:
>
[https://github.com/JMGuisadoG/tor/commit/4dd5b593636a9f5944ca2069d1c22c2b4b03d335]
>
> * Commit adding the check for overflow inside mem_parse_units & enabling
tests:
>
[https://github.com/JMGuisadoG/tor/commit/1ac4b346131fa0f49a5218553cd5d98affb82a76]
Thanks!
> Replying to [comment:11 teor]:
> > Maybe we should fail on anything larger than SSIZE_T_MAX?
> > (SSIZE_T_MAX is half the maximum possible memory size.)
>
> What the reason for checking half the maximum size?.
In general, it helps us avoid underflows and other mistakes as well.
In this case, there's just no reason to expect that values over 2^63^ are
valid.
> If that's a go and there's no problem with the code above I can change
the if statement accordingly.
Sure, feel free to put in a pull request, and someone will review it in
the next week.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
