[tor-commits] [tor/release-0.3.1] Remove the length limit from write_http_status_line

[nickm at torproject.org]

commit af33fdd7c1860399fe8d6861c163e5d64b0292b9
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Oct 23 09:21:22 2017 -0400

    Remove the length limit from write_http_status_line
    
    Fixes bug 23908; bugfix on 0.3.1.6-rc when we made the keypin
    failure message really long.
    
    Backport from 0.3.2's 771fb7e7baa789c55ba15c4c26c8a4889ff9fe8d,
    where arma said "get rid of the scary 256-byte-buf landmine".
---
 changes/bug23908   |  3 +++
 src/or/directory.c | 10 ++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/changes/bug23908 b/changes/bug23908
new file mode 100644
index 000000000..f641b66bb
--- /dev/null
+++ b/changes/bug23908
@@ -0,0 +1,3 @@
+  o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
+    - Remove the length limit on HTTP status lines that authorities can send
+      in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
diff --git a/src/or/directory.c b/src/or/directory.c
index 45fbd1dd3..bef65d349 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3282,14 +3282,12 @@ static void
 write_http_status_line(dir_connection_t *conn, int status,
                        const char *reason_phrase)
 {
-  char buf[256];
-  if (tor_snprintf(buf, sizeof(buf), "HTTP/1.0 %d %s\r\n\r\n",
-      status, reason_phrase ? reason_phrase : "OK") < 0) {
-    log_warn(LD_BUG,"status line too long.");
-    return;
-  }
+  char *buf = NULL;
+  tor_asprintf(&buf, "HTTP/1.0 %d %s\r\n\r\n",
+               status, reason_phrase ? reason_phrase : "OK");
   log_debug(LD_DIRSERV,"Wrote status 'HTTP/1.0 %d %s'", status, reason_phrase);
   connection_write_to_buf(buf, strlen(buf), TO_CONN(conn));
+  tor_free(buf);
 }
 
 /** Write the header for an HTTP/1.0 response onto <b>conn</b>-\>outbuf,