Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Created by Trac@tracbot

strncat() without bounds

Hi Team,

https://github.com/torproject/tor/blob/master/src/lib/err/backtrace.c#L267-L268

i.e

strncat(version, " ", sizeof(version)-1); strncat(version, tor_version, sizeof(version)-1);

Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) such as (CWE-120).

Consider strcat_s, strlcat, snprintf, or automatically resizing strings. I feel the risk is high because the length parameter appears to be a constant, instead of computing the number of characters left.

Request team to please have a look and validate.

Regards Dhiraj

Trac:
Username: Dhiraj

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information