[or-cvs] help avoid overflow from len_in + (len_in/n)*len_ins
Roger Dingledine
arma at seul.org
Mon Jan 10 16:30:53 UTC 2005
Update of /home2/or/cvsroot/tor/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/src/common
Modified Files:
util.c
Log Message:
help avoid overflow from len_in + (len_in/n)*len_ins
nick, do you think this does it? if so, we should maybe backport too.
Index: util.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/common/util.c,v
retrieving revision 1.196
retrieving revision 1.197
diff -u -d -r1.196 -r1.197
--- util.c 22 Dec 2004 05:28:15 -0000 1.196
+++ util.c 10 Jan 2005 16:30:51 -0000 1.197
@@ -215,6 +215,8 @@
tor_assert(dest_len < SIZE_T_CEILING);
len_in = strlen(s);
len_ins = strlen(insert);
+ tor_assert(len_in < SIZE_T_CEILING);
+ tor_assert(len_in/n < SIZE_T_CEILING/len_ins); /* avoid overflow */
len_out = len_in + (len_in/n)*len_ins;
is_even = (len_in%n) == 0;
switch (rule)
More information about the tor-commits
mailing list