[tor-commits] [tor/release-0.3.2] Stop logging stack contents when reading a zero-length bandwidth file

nickm at torproject.org nickm at torproject.org
Wed May 2 12:48:18 UTC 2018


commit d465bd27ed79b1924cf893d4e810786a491ee613
Author: teor <teor2345 at gmail.com>
Date:   Wed May 2 22:33:21 2018 +1000

    Stop logging stack contents when reading a zero-length bandwidth file
    
    When directory authorities read a zero-byte bandwidth file, they log
    a warning with the contents of an uninitialised buffer. Log a warning
    about the empty file instead.
    
    Fixes bug 26007; bugfix on 0.2.2.1-alpha.
---
 changes/bug26007 |  5 +++++
 src/or/dirserv.c | 13 +++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/changes/bug26007 b/changes/bug26007
new file mode 100644
index 000000000..efcd15084
--- /dev/null
+++ b/changes/bug26007
@@ -0,0 +1,5 @@
+  o Major bugfixes (directory authorities, security):
+    - When directory authorities read a zero-byte bandwidth file, they log
+      a warning with the contents of an uninitialised buffer. Log a warning
+      about the empty file instead.
+      Fixes bug 26007; bugfix on 0.2.2.1-alpha.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 41c6bf3dc..94290d5dd 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2750,14 +2750,23 @@ dirserv_read_measured_bandwidths(const char *from_file,
   time_t file_time, now;
   int ok;
 
+  /* Initialise line, so that we can't possibly run off the end. */
+  memset(line, 0, sizeof(line));
+
   if (fp == NULL) {
     log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
              from_file);
     return -1;
   }
 
-  if (!fgets(line, sizeof(line), fp)
-          || !strlen(line) || line[strlen(line)-1] != '\n') {
+  /* If fgets fails, line is either unmodified, or indeterminate. */
+  if (!fgets(line, sizeof(line), fp)) {
+    log_warn(LD_DIRSERV, "Empty bandwidth file");
+    fclose(fp);
+    return -1;
+  }
+
+  if (!strlen(line) || line[strlen(line)-1] != '\n') {
     log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
              escaped(line));
     fclose(fp);





More information about the tor-commits mailing list