Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Tor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 316
    • Issues 316
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 34
    • Merge requests 34
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • TorTor
  • Issues
  • #19357
Closed
Open
Created Jun 08, 2016 by Andrea Shepard@andrea

keypin_load_journal_impl() might break if journal file contains NUL

The journal file reader loop in src/or/keypin.c only uses end of file or '\n' to find the end of a line, so if a line contains a NUL we may end up passing a string with one in the middle to other things:

367 STATIC int
368 keypin_load_journal_impl(const char *data, size_t size,
369                          keypin_journal_pruner_t *pruner)
370 { 
371   const char *start = data, *end = data + size, *next;
372 
373   int n_corrupt_lines = 0;
374   int n_entries = 0; 
375   int n_duplicates = 0;
376   int n_conflicts = 0;
377 
378   for (const char *cp = start; cp < end; cp = next) {
379     const char *eol = memchr(cp, '\n', end-cp);
380     const char *eos = eol ? eol : end;
381     const size_t len = eos - cp;

We should think about this more and make sure this is safe.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking