commit b356b3907a6424d9e1a14722e9729529862a698f Author: David Goulet <dgoulet@torproject.org> Date: Wed Oct 2 13:19:51 2019 -0400 hs-v3: Fix implicit ssize_t to size_t conversion Found by Coverity. Fixes #31682 Signed-off-by: David Goulet <dgoulet@torproject.org> --- changes/ticket31682 | 3 +++ src/feature/hs/hs_cell.c | 26 +++++++++++++++++++++----- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/changes/ticket31682 b/changes/ticket31682 new file mode 100644 index 000000000..9777dec1f --- /dev/null +++ b/changes/ticket31682 @@ -0,0 +1,3 @@ + o Minor bugfixes (hidden service v3, coverity): + - Fix an implicit conversion from ssize_t to size_t discovered by Coverity. + Fixes bug 31682; bugfix on 0.4.2.1-alpha. diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 547dda3e1..3147b898b 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -495,11 +495,12 @@ build_establish_intro_dos_param(trn_cell_extension_dos_t *dos_ext, /* Build the DoS defense cell extension and put it in the given extensions * object. This can't fail. */ -static void +static int build_establish_intro_dos_extension(const hs_service_config_t *service_config, trn_cell_extension_t *extensions) { - ssize_t ret, dos_ext_encoded_len; + ssize_t ret; + size_t dos_ext_encoded_len; uint8_t *field_array; trn_cell_extension_field_t *field; trn_cell_extension_dos_t *dos_ext; @@ -526,7 +527,11 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, service_config->intro_dos_burst_per_sec); /* Set the field with the encoded DoS extension. */ - dos_ext_encoded_len = trn_cell_extension_dos_encoded_len(dos_ext); + ret = trn_cell_extension_dos_encoded_len(dos_ext); + if (BUG(ret <= 0)) { + return -1; + } + dos_ext_encoded_len = ret; /* Set length field and the field array size length. */ trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len); trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len); @@ -534,7 +539,10 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, field_array = trn_cell_extension_field_getarray_field(field); ret = trn_cell_extension_dos_encode(field_array, trn_cell_extension_field_getlen_field(field), dos_ext); - tor_assert(ret == dos_ext_encoded_len); + if (BUG(ret <= 0)) { + return -1; + } + tor_assert(ret == (ssize_t) dos_ext_encoded_len); /* Finally, encode field into the cell extension. */ trn_cell_extension_add_fields(extensions, field); @@ -546,6 +554,8 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, /* Cleanup. DoS extension has been encoded at this point. */ trn_cell_extension_dos_free(dos_ext); + + return 0; } /* ========== */ @@ -558,6 +568,7 @@ STATIC trn_cell_extension_t * build_establish_intro_extensions(const hs_service_config_t *service_config, const hs_service_intro_point_t *ip) { + int ret; trn_cell_extension_t *extensions; tor_assert(service_config); @@ -571,9 +582,14 @@ build_establish_intro_extensions(const hs_service_config_t *service_config, if (service_config->has_dos_defense_enabled && ip->support_intro2_dos_defense) { /* This function takes care to increment the number of extensions. */ - build_establish_intro_dos_extension(service_config, extensions); + ret = build_establish_intro_dos_extension(service_config, extensions); + if (ret < 0) { + /* Return no extensions on error. */ + goto end; + } } + end: return extensions; }