Commit 17bcfb26 authored by Nick Mathewson

Raise buffer size, fix checks for format_exit_helper_status.

This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case.  Still, best avoided.

Fixes bug 9928; bugfix on 0.2.3.18-rc.
parent b46353b7

changes/bug9928

0 → 100644
+5 −0
  o Minor bugfixes:
    - Avoid an off-by-one error when checking buffer boundaries when
      formatting the exit status of a pluggable transport helper.
      This is probably not an exploitable bug, but better safe than
      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc.
+5 −5
@@ -3256,10 +3256,10 @@ format_hex_number_for_helper_exit_status(unsigned int x, char *buf,
 * <b>hex_errno</b>.  Called between fork and _exit, so must be signal-handler
 * safe.
 *
 * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available.
 * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE+1 bytes available.
 *
 * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded
 * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where
 * with spaces. CHILD_STATE indicates where
 * in the processs of starting the child process did the failure occur (see
 * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of
 * errno when the failure occurred.
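
Review bot: The doc comment drops "Note that there is no trailing \0" without stating the new contract, so a reader has to infer from HEX_ERRNO_SIZE+1 that the output is now NUL-terminated. State it explicitly (for example "The result is NUL-terminated"), and make the format description consistent: the string is given as "CHILD_STATE/ERRNO\n" while the sentence after it refers to SAVED_ERRNO. The context line "in the processs of starting" also carries a typo that could be fixed while this comment is being touched.
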
@@ -3338,8 +3338,8 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
  left -= written;
  cur += written;

  /* Check that we have enough space left for a newline */
  if (left <= 0)
  /* Check that we have enough space left for a newline and a NUL */
  if (left <= 1)
    goto err;

  /* Emit the newline and NUL */
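
Review bot: The boundary check at "if (left <= 1)" has no test visible in this commit, and an off-by-one on this line is exactly what is being fixed. A unit test that calls format_helper_exit_status with a saved_errno whose hex form leaves exactly one byte free (the large negative errno case from the commit message) would pin the "goto err" path and catch a regression to "left <= 0". Since two bytes are required for the newline and the NUL, "left < 2" would also state the requirement more directly.
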
@@ -3594,7 +3594,7 @@ tor_spawn_background(const char *const filename, const char **argv,
     this is used for printing out the error message */
  unsigned char child_state = CHILD_STATE_INIT;

  char hex_errno[HEX_ERRNO_SIZE];
  char hex_errno[HEX_ERRNO_SIZE + 1];

  static int max_fd = -1;
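
Review bot: Declaring the buffer as "char hex_errno[HEX_ERRNO_SIZE + 1];" leaves every caller to remember the extra byte for the NUL. Consider folding the terminator into HEX_ERRNO_SIZE or giving the buffer length its own named constant, so the size contract lives in one place. Any caller of format_helper_exit_status not shown in this diff should be checked to confirm it sizes its buffer and passes its length the same way, because the function now takes the error path when fewer than two bytes remain.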