[or-cvs] Fix a potential memory stomp on servers running hidden serv...
Nick Mathewson
nickm at seul.org
Wed Dec 14 02:19:29 UTC 2005
Update of /home/or/cvsroot/tor/src/or
In directory moria:/tmp/cvs-serv30475/src/or
Modified Files:
rendcommon.c
Log Message:
Fix a potential memory stomp on servers running hidden services. Found by weasel with valgrind. Backport candidate.
Index: rendcommon.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendcommon.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -d -r1.61 -r1.62
--- rendcommon.c 10 Dec 2005 09:36:26 -0000 1.61
+++ rendcommon.c 14 Dec 2005 02:19:27 -0000 1.62
@@ -56,7 +56,8 @@
char *end;
int i;
size_t asn1len;
- cp = *str_out = tor_malloc(PK_BYTES*2*(desc->n_intro_points+2)); /*Too long, but ok*/
+ size_t buflen = PK_BYTES*2*(desc->n_intro_points+2);/*Too long, but ok*/
+ cp = *str_out = tor_malloc(buflen);
end = cp + PK_BYTES*2*(desc->n_intro_points+1);
if (version) {
*(uint8_t*)cp = (uint8_t)0xff;
@@ -77,7 +78,7 @@
if (version == 0) {
for (i=0; i < desc->n_intro_points; ++i) {
char *ipoint = (char*)desc->intro_points[i];
- strlcpy(cp, ipoint, *len_out-(cp-*str_out));
+ strlcpy(cp, ipoint, buflen-(cp-*str_out));
cp += strlen(ipoint)+1;
}
} else {
More information about the tor-commits
mailing list