[or-cvs] [tor/master] Make sure we can't overflow in connection_ap_handshake_send_resolve
Nick Mathewson
nickm at seul.org
Sun Sep 27 16:11:22 UTC 2009
Author: Sebastian Hahn <sebastian at torproject.org>
Date: Sat, 26 Sep 2009 15:41:52 +0200
Subject: Make sure we can't overflow in connection_ap_handshake_send_resolve
Commit: 6a68b5059710d96767a7c7c7acd6a1e0bc933874
Found by Coverity
---
ChangeLog | 2 ++
src/or/connection_edge.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 451a20c..c79c865 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,8 @@ Changes in version 0.2.2.4-alpha - 2009-??-??
on 0.2.2.1-alpha.
- Fix two memory leaks in the error case of
circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
+ - Make it explicit that we can't overflow in
+ connection_ap_handshake_send_resolve. Bugfix on 0.0.7.1-1.
Changes in version 0.2.2.3-alpha - 2009-09-23
o Major bugfixes:
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index f252027..0e6297a 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2156,8 +2156,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
tor_assert(payload_len <= (int)sizeof(inaddr_buf));
}
- if (payload_len > RELAY_PAYLOAD_SIZE) {
+ if (payload_len > MAX_SOCKS_ADDR_LEN) {
/* This should be impossible: we don't accept addresses this big. */
+ /* XXX Should we log a bug here? */
connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
return -1;
}
--
1.5.6.5
More information about the tor-commits
mailing list