Loading changes/bug3306 0 → 100644 +9 −0 Original line number Diff line number Diff line o Minor bugfixes: - Make our crypto_rand_int() function check the value of its input correctly. Previously, it accepted values up to UINT_MAX, but could return a negative number if given a value above INT_MAX+1. Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. - Avoid a segfault when reading a malformed circuit build state with more than INT_MAX entries. Found by wanoskarnet. Bugfix on 0.2.2.4-alpha. src/common/crypto.c +3 −2 Original line number Diff line number Diff line Loading @@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n) } /** Return a pseudorandom integer, chosen uniformly from the values * between 0 and <b>max</b>-1. */ * between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and * INT_MAX+1, inclusive. */ int crypto_rand_int(unsigned int max) { unsigned int val; unsigned int cutoff; tor_assert(max < UINT_MAX); tor_assert(max <= ((unsigned int)INT_MAX)+1); tor_assert(max > 0); /* don't div by 0 */ /* We ignore any values that are >= 'cutoff,' to avoid biasing the Loading src/or/circuitbuild.c +9 −1 Original line number Diff line number Diff line Loading @@ -678,7 +678,15 @@ circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt, log_notice(LD_CIRC, "The number of circuit times that this Tor version " "uses to calculate build times is less than the number stored " "in your state file. Decreasing the circuit time history from " "%d to %d.", num_times, CBT_NCIRCUITS_TO_OBSERVE); "%lu to %d.", (unsigned long)num_times, CBT_NCIRCUITS_TO_OBSERVE); } if (n > INT_MAX-1) { log_warn(LD_CIRC, "For some insane reasons, you had %lu circuit build " "observations in your state file. That's far too many; probably " "there's a bug here.", (unsigned long)n); n = INT_MAX-1; } /* This code can only be run on a compact array */ Loading Loading
changes/bug3306 0 → 100644 +9 −0 Original line number Diff line number Diff line o Minor bugfixes: - Make our crypto_rand_int() function check the value of its input correctly. Previously, it accepted values up to UINT_MAX, but could return a negative number if given a value above INT_MAX+1. Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14. - Avoid a segfault when reading a malformed circuit build state with more than INT_MAX entries. Found by wanoskarnet. Bugfix on 0.2.2.4-alpha.
src/common/crypto.c +3 −2 Original line number Diff line number Diff line Loading @@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n) } /** Return a pseudorandom integer, chosen uniformly from the values * between 0 and <b>max</b>-1. */ * between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and * INT_MAX+1, inclusive. */ int crypto_rand_int(unsigned int max) { unsigned int val; unsigned int cutoff; tor_assert(max < UINT_MAX); tor_assert(max <= ((unsigned int)INT_MAX)+1); tor_assert(max > 0); /* don't div by 0 */ /* We ignore any values that are >= 'cutoff,' to avoid biasing the Loading
src/or/circuitbuild.c +9 −1 Original line number Diff line number Diff line Loading @@ -678,7 +678,15 @@ circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt, log_notice(LD_CIRC, "The number of circuit times that this Tor version " "uses to calculate build times is less than the number stored " "in your state file. Decreasing the circuit time history from " "%d to %d.", num_times, CBT_NCIRCUITS_TO_OBSERVE); "%lu to %d.", (unsigned long)num_times, CBT_NCIRCUITS_TO_OBSERVE); } if (n > INT_MAX-1) { log_warn(LD_CIRC, "For some insane reasons, you had %lu circuit build " "observations in your state file. That's far too many; probably " "there's a bug here.", (unsigned long)n); n = INT_MAX-1; } /* This code can only be run on a compact array */ Loading
