[tor-commits] [tor/master] Correctly copy microdescs/extrinfos with internal NUL bytes

nickm at torproject.org nickm at torproject.org
Wed Apr 17 14:49:14 UTC 2013


commit acd72d4e3e47c2d81d9f3586d227069b9c87094e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sat Jan 26 18:01:06 2013 -0500

    Correctly copy microdescs/extrinfos with internal NUL bytes
    
    Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
---
 changes/bug8037      |    4 ++++
 src/common/util.c    |   14 ++++++++++++++
 src/common/util.h    |    3 +++
 src/or/routerparse.c |    4 ++--
 4 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/changes/bug8037 b/changes/bug8037
new file mode 100644
index 0000000..5f3c1a3
--- /dev/null
+++ b/changes/bug8037
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Correctly store microdescriptors and extrainfo descriptors with
+      an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
+      Bug reported by "cypherpunks".
diff --git a/src/common/util.c b/src/common/util.c
index 49ec75d..71b77e2 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -282,6 +282,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
   return dup;
 }
 
+/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
+ * memory. */
+void *
+tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS)
+{
+  char *dup;
+  tor_assert(len < SIZE_T_CEILING+1);
+  tor_assert(mem);
+  dup = tor_malloc_(len+1 DMALLOC_FN_ARGS);
+  memcpy(dup, mem, len);
+  dup[len] = '\0';
+  return dup;
+}
+
 /** Helper for places that need to take a function pointer to the right
  * spelling of "free()". */
 void
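Review bot: The new definition is spelled `tor_memdup_nulterm`, without the trailing underscore, while util.h in this same commit declares `tor_memdup_nulterm_` and makes `tor_memdup_nulterm(s, n)` a function-like macro that appends DMALLOC_ARGS. The definition line therefore appears to compile only because that macro rewrites it, and it would presumably break in builds where DMALLOC_ARGS expands to real arguments (USE_DMALLOC). It should follow the neighbouring `tor_memdup_` and read `tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)`. The doc comment could also say that exactly `len` bytes are copied regardless of any NUL inside `mem`, and that the result is `len+1` bytes long.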
diff --git a/src/common/util.h b/src/common/util.h
index 59c43a4..170fb23 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
   ATTR_MALLOC ATTR_NONNULL((1));
 void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
   ATTR_MALLOC ATTR_NONNULL((1));
+void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)
+  ATTR_MALLOC ATTR_NONNULL((1));
 void tor_free_(void *mem);
 #ifdef USE_DMALLOC
 extern int dmalloc_free(const char *file, const int line, void *pnt,
@@ -117,6 +119,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
 #define tor_strdup(s)          tor_strdup_(s DMALLOC_ARGS)
 #define tor_strndup(s, n)      tor_strndup_(s, n DMALLOC_ARGS)
 #define tor_memdup(s, n)       tor_memdup_(s, n DMALLOC_ARGS)
+#define tor_memdup_nulterm(s, n)       tor_memdup_nulterm_(s, n DMALLOC_ARGS)
 
 void tor_log_mallinfo(int severity);
 
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index b945ea6..23dae38 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
   extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
   extrainfo->cache_info.is_extrainfo = 1;
   if (cache_copy)
-    extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
+    extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s);
   extrainfo->cache_info.signed_descriptor_len = end-s;
   memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
 
@@ -4237,7 +4237,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
 
       md->bodylen = start_of_next_microdesc - cp;
       if (copy_body)
-        md->body = tor_strndup(cp, md->bodylen);
+        md->body = tor_memdup_nulterm(cp, md->bodylen);
       else
         md->body = (char*)cp;
       md->off = cp - start;
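Review bot: Neither changed assignment documents that the stored body may now hold bytes after an internal NUL, so any reader that applies string functions to `md->body` or `signed_descriptor_body` will see fewer bytes than `bodylen` or `signed_descriptor_len` records. This applies here and to the `extrainfo_parse_entry_from_string` hunk above. I would add a comment at both sites, for example `/* May contain internal NULs: always pair with the length field, never strlen(). */`. In this hunk the `else` branch already points `md->body` into the caller's buffer, which is a second reason consumers should rely on `bodylen` alone. Whether a descriptor with an embedded NUL should be rejected at parse time rather than stored cannot be judged from these hunks, since both functions continue outside them.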




