View | Details | Raw Unified | Return to bug 197909
Collapse All | Expand All

(-)b/security/obfsclient/files/patch-crypto-ctr.h (+42 lines)
Added Link Here
1
From c91f7bbf3e0eedb080319ba3cfed7b47597b5aeb Mon Sep 17 00:00:00 2001
2
From: Yawning Angel <yawning@torproject.org>
3
Date: Sun, 20 Apr 2014 16:52:06 +0000
4
Subject: Fix a potential bug found by clang's scan-build.
5
6
With all current uses of Ctr, the conditional I was missing is never
7
triggered since the paramenters are guaranteed to be sane, but this is
8
not guaranteed to be true in the future.
9
10
scan-build also points out a bunch of things in easylogging++ and gtest
11
but they don't look to be real problems.
12
---
13
 ChangeLog                     | 2 ++ [diff removed]
14
 src/schwanenlied/crypto/ctr.h | 5 ++++-
15
 2 files changed, 6 insertions(+), 1 deletion(-)
16
17
diff --git a/src/schwanenlied/crypto/ctr.h b/src/schwanenlied/crypto/ctr.h
18
index 79bb71b..92d932d 100644
19
--- src/schwanenlied/crypto/ctr.h
20
+++ src/schwanenlied/crypto/ctr.h
21
@@ -91,6 +91,8 @@ class Ctr {
22
       return false;
23
     if (ctr_len == 0)
24
       return false;
25
+    if ((iv == nullptr && iv_len != 0) || (iv != nullptr && iv_len == 0))
26
+      return false;
27
     if (ctr_len + iv_len != ecb_impl_.block_length())
28
       return false;
29
 
30
@@ -100,7 +102,8 @@ class Ctr {
31
       return false;
32
 
33
     iv_size_ = iv_len;
34
-    ::std::memcpy(&ctr_[0], iv, iv_len);
35
+    if (iv != nullptr)
36
+      ::std::memcpy(&ctr_[0], iv, iv_len);
37
     ::std::memcpy(&ctr_[iv_len], ctr, ctr_len);
38
 
39
     has_state_ = true;
40
-- 
41
2.3.0
42
(-)b/security/obfsclient/files/patch-ext-optionparser.h (+31 lines)
Added Link Here
1
From 85dd63b32a0b77c57cbae224f7862a5fb9c069a8 Mon Sep 17 00:00:00 2001
2
From: Yawning Angel <yawning@torproject.org>
3
Date: Sat, 14 Jun 2014 22:42:35 +0000
4
Subject: Fix build on GCC 4.9.0.
5
6
Just potentially uninitialized warnings in the 3rd party command line
7
option parsing code, probably spurious and should be ignored but,
8
initialize them for now.
9
---
10
 src/ext/optionparser.h | 4 ++--
11
 1 file changed, 2 insertions(+), 2 deletions(-)
12
13
diff --git a/src/ext/optionparser.h b/src/ext/optionparser.h
14
index 17bf6ad..64e2dfc 100644
15
--- src/ext/optionparser.h
16
+++ src/ext/optionparser.h
17
@@ -1554,9 +1554,9 @@ inline bool Parser::workhorse(bool gnu, const Descriptor usage[], int numargs, c
18
 
19
     do // loop over short options in group, for long options the body is executed only once
20
     {
21
-      int idx;
22
+      int idx = 0;
23
 
24
-      const char* optarg;
25
+      const char* optarg = 0;
26
 
27
       /******************** long option **********************/
28
       if (handle_short_options == false || try_single_minus_longopt)
29
-- 
30
2.3.0
31
(-)b/security/obfsclient/files/patch-scramblesuit-client.cc (-1 / +30 lines)
Added Link Here
0
- 
1
From 9c164b2afb666d0bcd26ba3eeb6da07a9fff551c Mon Sep 17 00:00:00 2001
2
From: Yawning Angel <yawning@torproject.org>
3
Date: Sat, 14 Jun 2014 23:09:08 +0000
4
Subject: Suppress more useless warnings.
5
6
Apparently I forgot to check the IAT code when I switched to building
7
wiht -Wextra, since no one should use it.
8
---
9
 src/schwanenlied/pt/scramblesuit/client.cc | 4 +++-
10
 1 file changed, 3 insertions(+), 1 deletion(-)
11
12
diff --git a/src/schwanenlied/pt/scramblesuit/client.cc b/src/schwanenlied/pt/scramblesuit/client.cc
13
index e967b7b..c6e1a20 100644
14
--- src/schwanenlied/pt/scramblesuit/client.cc
15
+++ src/schwanenlied/pt/scramblesuit/client.cc
16
@@ -468,8 +468,10 @@ bool Client::schedule_iat_transmit() {
17
   // Lazy timer initialization
18
   if (iat_timer_ev_ == nullptr) {
19
     event_callback_fn cb = [](evutil_socket_t sock,
20
-                              short witch,
21
+                              short which,
22
                               void* arg) {
23
+      (void)sock;
24
+      (void)which;
25
       reinterpret_cast<Client*>(arg)->on_iat_transmit();
26
     };
27
     iat_timer_ev_ = evtimer_new(base_, cb, this);
28
-- 
29
2.3.0
30

Return to bug 197909