#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
------------------------------+--------------------------------
     Reporter:  asn           |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.4.1.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  coverity
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
Got two new coverity issues:
{{{
*** CID 1444908:  Concurrent data access violations  (MISSING_LOCK)
/src/test/rng_test_helpers.c: 190 in testing_enable_prefilled_rng()
184     {
185       tor_assert(buflen > 0);
186       rng_mutex = tor_mutex_new();
187
188       prefilled_rng_buffer = tor_memdup(buffer, buflen);
189       prefilled_rng_buflen = buflen;
>>>     CID 1444908:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "prefilled_rng_idx" without holding lock "tor_mutex_t.mutex". Elsewhere, "prefilled_rng_idx" is accessed with
>>>     "tor_mutex_t.mutex" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
190       prefilled_rng_idx = 0;
191
192       MOCK(crypto_rand, crypto_rand_prefilled);
193       MOCK(crypto_strongest_rand_, mock_crypto_strongest_rand);
194     }
195

** CID 1444769:  Insecure data handling  (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1444769:  Insecure data handling  (TAINTED_SCALAR)
/src/feature/nodelist/microdesc.c: 540 in microdesc_cache_reload()
534       }
535
536       journal_content = read_file_to_str(cache->journal_fname,
537                                          RFTS_IGNORE_MISSING, &st);
538       if (journal_content) {
539         cache->journal_len = (size_t) st.st_size;
>>>     CID 1444769:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "journal_content" to a tainted sink.
540         warn_if_nul_found(journal_content, cache->journal_len, 0,
541                           "reading microdesc journal");
542         added = microdescs_add_to_cache(cache, journal_content,
543                                         journal_content+st.st_size,
544                                         SAVED_IN_JOURNAL, 0, -1, NULL);
545         if (added) {
}}}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30361>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online