commit f6afd4efa6c24fab8ace710fc0eac4c8811b93dd Author: Nick Mathewson nickm@torproject.org Date: Wed Apr 18 23:02:09 2012 -0400

Fix a log-uninitialized-buffer bug.

Fix for 5647; bugfix on 0.2.1.5-alpha. --- changes/bug5647 | 4 ++++ src/or/routerparse.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/changes/bug5647 b/changes/bug5647 new file mode 100644 index 0000000..92f41c8 --- /dev/null +++ b/changes/bug5647 @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid logging uninitialized data when unable to decode a hidden + service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. + diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 322a2b5..8c4f582 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -5056,7 +5056,6 @@ rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr) while (!strcmpstart(current_entry, "client-name ")) { rend_authorized_client_t *parsed_entry; size_t len; - char descriptor_cookie_base64[REND_DESC_COOKIE_LEN_BASE64+2+1]; char descriptor_cookie_tmp[REND_DESC_COOKIE_LEN+2]; /* Determine end of string. */ const char *eos = strstr(current_entry, "\nclient-name "); @@ -5125,7 +5124,7 @@ rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr) tok->args[0], REND_DESC_COOKIE_LEN_BASE64+2+1) != REND_DESC_COOKIE_LEN)) { log_warn(LD_REND, "Descriptor cookie contains illegal characters: " - "%s", descriptor_cookie_base64); + "%s", escaped(tok->args[0])); goto err; } memcpy(parsed_entry->descriptor_cookie, descriptor_cookie_tmp,