[tor-commits] [tor/master] Document and test nul-terminating behavior of tor_uncompress()

nickm at torproject.org nickm at torproject.org
Thu Apr 27 15:00:21 UTC 2017


commit 49deb1e1b810e348bfa9fb27a0f0ef54f3694cc9
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Apr 27 10:59:48 2017 -0400

    Document and test nul-terminating behavior of tor_uncompress()
    
    We added this as a safety feature, but there are a few places in the
    code that actually depend on it.
---
 src/common/compress.c | 6 ++++++
 src/test/test_util.c  | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/src/common/compress.c b/src/common/compress.c
index 771f5ab..9a24025 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -221,6 +221,12 @@ tor_compress(char **out, size_t *out_len,
  * *<b>out</b>, and its length in *<b>out_len</b>.  Return 0 on success, -1 on
  * failure.
  *
+ * If any bytes are written to <b>out</b>, an extra byte NUL is always
+ * written at the end, but not counted in <b>out_len</b>.  This is a
+ * safety feature to ensure that the output can be treated as a
+ * NUL-terminated string -- though of course, callers should check
+ * out_len anyway.
+ *
  * If <b>complete_only</b> is true, we consider a truncated input as a
  * failure; otherwise we decompress as much as we can.  Warn about truncated
  * or corrupt inputs at <b>protocol_warn_level</b>.
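Review bot: The added paragraph leaves the zero-length case unspecified: "If any bytes are written to <b>out</b>" does not say whether a successful call that produces no output still allocates and NUL-terminates *out, and the commit message says some callers depend on the terminator. It would also help to state that decompressed data may itself contain NUL bytes, so `strlen(*out)` can be shorter than `*out_len`; the terminator only bounds string functions and says nothing about the content. Suggested wording for the core sentence: `an extra NUL byte is always written after the last output byte and is not counted in *<b>out_len</b>`, plus one sentence on the empty-output case once its behaviour is confirmed. The function body is outside this hunk, so the behaviour for empty output cannot be checked from here.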
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 1f37fc3..dec1d52 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -2262,6 +2262,7 @@ test_util_compress_impl(compress_method_t method)
   tt_assert(buf3 != NULL);
   tt_int_op(strlen(buf1) + 1, OP_EQ, len2);
   tt_str_op(buf1, OP_EQ, buf3);
+  tt_int_op(buf3[len2], OP_EQ, 0);
 
   /* Check whether we can uncompress concatenated, compressed strings. */
   tor_free(buf3);
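Review bot: `tt_int_op(buf3[len2], OP_EQ, 0);` deliberately reads one byte past the length tor_uncompress() reported, and nothing next to it says so, so a later reader could take it for an off-by-one and "correct" it to `len2-1`. If the terminator guarantee ever regressed, this read would fall outside the buffer and could still happen to see a zero byte, so the check is presumably only dependable when the suite runs under ASan or valgrind. A one-line comment at this first check would make the intent explicit, e.g. `/* tor_uncompress() writes an extra NUL at buf3[len2], past the reported length. */`. The same applies to the identical checks added in the hunks at -2273 and -2296; test_util_compress_impl starts and ends outside all three hunks.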
@@ -2273,6 +2274,7 @@ test_util_compress_impl(compress_method_t method)
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0"
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0",
              (strlen(buf1)+1)*2);
+  tt_int_op(buf3[len2], OP_EQ, 0);
 
   /* Check whether we can uncompress partial strings */
 
@@ -2296,6 +2298,8 @@ test_util_compress_impl(compress_method_t method)
   tt_int_op(len2, OP_GT, 5);
   tt_int_op(len2, OP_LE, len1);
   tt_assert(fast_memeq(buf1, buf3, len2));
+  tt_int_op(buf3[len2], OP_EQ, 0);
+
   /* when we demand a complete output, this must fail. */
   tor_free(buf3);
   tt_assert(tor_uncompress(&buf3, &len2, buf2, len1-16,


