From 24c031b1a28658c921a746f4d58f3ca5e9994108 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 9 Mar 2015 15:09:49 -0400 Subject: [PATCH] Don't use checked strl{cat,cpy} on OSX. There is a bug in the overlap-checking in strlcat that can crash Tor servers. Fixes bug 15205; this is an OSX bug, not a Tor bug. --- changes/bug15205 | 5 +++++ src/common/compat.h | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 changes/bug15205 diff --git a/changes/bug15205 b/changes/bug15205 new file mode 100644 index 0000000000..0cb9f3f4bc --- /dev/null +++ b/changes/bug15205 @@ -0,0 +1,5 @@ + o Major bugfixes (crash, OSX, security): + - Fix a remote denial-of-service opportunity caused by a bug + in OSX's _strlcat_chk() function. Fixes bug 15205; bug first + appeared in OSX 10.9. + diff --git a/src/common/compat.h b/src/common/compat.h index ec7d2415ed..531e88f1bd 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) { #define strncasecmp _strnicmp #define strcasecmp _stricmp #endif + +#if defined __APPLE__ +/* On OSX 10.9 and later, the overlap-checking code for strlcat would + * appear to have a severe bug that can sometimes cause aborts in Tor. + * Instead, use the non-checking variants. This is sad. + * + * See https://trac.torproject.org/projects/tor/ticket/15205 + */ +#undef strlcat +#undef strlcpy +#endif + #ifndef HAVE_STRLCAT size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2)); #endif