Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by George Kadianakis@asn

Non-triggerable integer overflow in crypto_random_hostname()

char *
crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
                       const char *suffix)
...
  randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
...
  rand_bytes_len = ((randlen*5)+7)/8;
  if (rand_bytes_len % 5)
    rand_bytes_len += 5 - (rand_bytes_len%5);
  rand_bytes = tor_malloc(rand_bytes_len);

If randlen overflows in rand_bytes_len = ((randlen*5)+7)/8; we pass a negative value to tor_malloc().

I don't see this happening any time soon, since all the currently used crypto_random_hostname() arguments are very small, but it might be good to fix it for completeness.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information