Commit 24676534 authored by Nick Mathewson's avatar Nick Mathewson 🥔
Browse files

Merge branch 'maint-0.3.1' into maint-0.3.2

parents 7c3f87eb 993e314c
Loading
Loading
Loading
Loading

changes/bug26007

0 → 100644
+5 −0
Original line number Diff line number Diff line
  o Major bugfixes (directory authorities, security):
    - When directory authorities read a zero-byte bandwidth file, they log
      a warning with the contents of an uninitialised buffer. Log a warning
      about the empty file instead.
      Fixes bug 26007; bugfix on 0.2.2.1-alpha.
+11 −2
Original line number Diff line number Diff line
@@ -2781,14 +2781,23 @@ dirserv_read_measured_bandwidths(const char *from_file,
  time_t file_time, now;
  int ok;

  /* Initialise line, so that we can't possibly run off the end. */
  memset(line, 0, sizeof(line));

  if (fp == NULL) {
    log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
             from_file);
    return -1;
  }

  if (!fgets(line, sizeof(line), fp)
          || !strlen(line) || line[strlen(line)-1] != '\n') {
  /* If fgets fails, line is either unmodified, or indeterminate. */
  if (!fgets(line, sizeof(line), fp)) {
    log_warn(LD_DIRSERV, "Empty bandwidth file");
    fclose(fp);
    return -1;
  }

  if (!strlen(line) || line[strlen(line)-1] != '\n') {
    log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
             escaped(line));
    fclose(fp);