Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T15:43:04Z

Undefined behavior in tor_vasprintf()
https://gitlab.torproject.org/legacy/trac/-/issues/31001
2020-06-13T15:43:04Z
George Kadianakis

```
Overflowing a signed integer in C is an undefined behaviour.
It is possible to trigger this undefined behaviour in tor_asprintf on
Windows or systems lacking vasprintf.
On these systems, either _vscprintf or vsnprintf is called to retrieve
the required amount of bytes to hold the string. These functions can
return INT_MAX. The easiest way to recreate this is the use of a
specially crafted configuration file, e.g. containing the line:
FirewallPorts AAAAA<in total 2147483610 As>
This line triggers the needed tor_asprintf call which eventually
leads to an INT_MAX return value from _vscprintf or vsnprintf.
The needed byte for \0 is added to the result, triggering the
overflow and therefore the undefined behaviour.
Casting the value to size_t before addition fixes the behaviour.
```
Tor: 0.4.0.x-final
Nick Mathewson

Make v2 and v3 single onion services retry all failed intro and rend connections with a 3-hop path
https://gitlab.torproject.org/legacy/trac/-/issues/23818
2020-06-13T15:44:30Z
teor

This makes a single onion service connect via an entry that it can reach when connections fail.

Tor: 0.4.0.x-final
teor

"Hash of session info was not as expected" should be log_protocol_warn
https://gitlab.torproject.org/legacy/trac/-/issues/12399
2020-06-13T14:36:52Z
Linus Nordberg (linus@torproject.org)

Seeing
```
[warn] Hash of session info was not as expected.
```
on fast relays, both exits and non exits (ndnr1, DFRI0, DFRI2) several times today. First one spotted at Jun 14 00:26 CEST.
These are on Linux and FreeBSD, versions 0.2.5.4-alpha-dev and 0.2.5.2-alpha respectively.

Tor: 0.4.0.x-final