[tor-commits] [tor/maint-0.2.9] Fix two other cases of (buf + N > end) pattern

nickm at torproject.org nickm at torproject.org
Mon Oct 29 19:57:36 UTC 2018


commit 0878bb961f9028a81ce465702afb891a82015228
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Oct 25 09:08:02 2018 -0400

    Fix two other cases of (buf + N > end) pattern
    
    Related to fix for 28202.
---
 src/or/routerparse.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 063cbbcda..37d2d975f 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -5299,13 +5299,13 @@ find_start_of_next_microdesc(const char *s, const char *eos)
     return NULL;
 
 #define CHECK_LENGTH() STMT_BEGIN \
-    if (s+32 > eos)               \
+    if (eos - s < 32)             \
       return NULL;                \
   STMT_END
 
 #define NEXT_LINE() STMT_BEGIN            \
     s = memchr(s, '\n', eos-s);           \
-    if (!s || s+1 >= eos)                 \
+    if (!s || eos - s <= 1)               \
       return NULL;                        \
     s++;                                  \
   STMT_END
@@ -5329,7 +5329,7 @@ find_start_of_next_microdesc(const char *s, const char *eos)
   /* Okay, now we're pointed at the first line of the microdescriptor which is
      not an annotation or onion-key.  The next line that _is_ an annotation or
      onion-key is the start of the next microdescriptor. */
-  while (s+32 < eos) {
+  while (eos - s > 32) {
     if (*s == '@' || !strcmpstart(s, "onion-key"))
       return s;
     NEXT_LINE();
@@ -6359,4 +6359,3 @@ routerparse_free_all(void)
 {
   dump_desc_fifo_cleanup();
 }
-



More information about the tor-commits mailing list