commit 373d9aff7af41c07bb51093df4ceb51a13404a44 Author: junglefowl junglefowl@riseup.net Date: Mon Jan 23 19:08:54 2017 +0000

Fail if file is too large to mmap.

If tor_mmap_file is called with a file which is larger than SIZE_MAX, only a small part of the file will be memory-mapped due to integer truncation.

This can only realistically happen on 32 bit architectures with large file support. --- changes/bug21134 | 5 +++++ src/common/compat.c | 6 ++++++ 2 files changed, 11 insertions(+)

diff --git a/changes/bug21134 b/changes/bug21134 new file mode 100644 index 0000000..b851718 --- /dev/null +++ b/changes/bug21134 @@ -0,0 +1,5 @@ + o Minor bugfixes (portability): + - Do not silently truncate content of files if they are larger + than SIZE_MAX bytes. This issue could occur on 32 bit systems + with large file support and files which are larger than 4 GB. + Fixes bug 21134; bugfix on 0.3.0.1-alpha. diff --git a/src/common/compat.c b/src/common/compat.c index ebf05f5..16b2229 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -258,6 +258,12 @@ tor_mmap_file(const char *filename) page_size = getpagesize(); size += (size%page_size) ? page_size-(size%page_size) : 0;

+ if (st.st_size > SSIZE_T_CEILING || size < st.st_size) { + log_warn(LD_FS, "File "%s" is too large. Ignoring.",filename); + errno = EFBIG; + close(fd); + return NULL; + } if (!size) { /* Zero-length file. If we call mmap on it, it will succeed but * return NULL, and bad things will happen. So just fail. */