Loading changes/bug28202 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor bugfixes (C correctness): - Avoid undefined behavior in an end-of-string check when parsing the BEGIN line in a directory object. Fixes bug 28202; bugfix on 0.2.0.3-alpha. src/or/parsecommon.c +1 −2 Original line number Diff line number Diff line Loading @@ -345,7 +345,7 @@ get_next_token(memarea_t *area, goto check_object; obstart = *s; /* Set obstart to start of object spec */ if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */ if (eol - *s <= 16 || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */ strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */ (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */ RET_ERR("Malformed object: bad begin line"); Loading Loading @@ -448,4 +448,3 @@ find_all_by_keyword(const smartlist_t *s, directory_keyword k) }); return out; } src/or/routerparse.c +3 −4 Original line number Diff line number Diff line Loading @@ -4602,13 +4602,13 @@ find_start_of_next_microdesc(const char *s, const char *eos) return NULL; #define CHECK_LENGTH() STMT_BEGIN \ if (s+32 > eos) \ if (eos - s < 32) \ return NULL; \ STMT_END #define NEXT_LINE() STMT_BEGIN \ s = memchr(s, '\n', eos-s); \ if (!s || s+1 >= eos) \ if (!s || eos - s <= 1) \ return NULL; \ s++; \ STMT_END Loading @@ -4632,7 +4632,7 @@ find_start_of_next_microdesc(const char *s, const char *eos) /* Okay, now we're pointed at the first line of the microdescriptor which is not an annotation or onion-key. The next line that _is_ an annotation or onion-key is the start of the next microdescriptor. */ while (s+32 < eos) { while (eos - s > 32) { if (*s == '@' || !strcmpstart(s, "onion-key")) return s; NEXT_LINE(); Loading Loading @@ -5667,4 +5667,3 @@ routerparse_free_all(void) { dump_desc_fifo_cleanup(); } Loading
changes/bug28202 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor bugfixes (C correctness): - Avoid undefined behavior in an end-of-string check when parsing the BEGIN line in a directory object. Fixes bug 28202; bugfix on 0.2.0.3-alpha.
src/or/parsecommon.c +1 −2 Original line number Diff line number Diff line Loading @@ -345,7 +345,7 @@ get_next_token(memarea_t *area, goto check_object; obstart = *s; /* Set obstart to start of object spec */ if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */ if (eol - *s <= 16 || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */ strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */ (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */ RET_ERR("Malformed object: bad begin line"); Loading Loading @@ -448,4 +448,3 @@ find_all_by_keyword(const smartlist_t *s, directory_keyword k) }); return out; }
src/or/routerparse.c +3 −4 Original line number Diff line number Diff line Loading @@ -4602,13 +4602,13 @@ find_start_of_next_microdesc(const char *s, const char *eos) return NULL; #define CHECK_LENGTH() STMT_BEGIN \ if (s+32 > eos) \ if (eos - s < 32) \ return NULL; \ STMT_END #define NEXT_LINE() STMT_BEGIN \ s = memchr(s, '\n', eos-s); \ if (!s || s+1 >= eos) \ if (!s || eos - s <= 1) \ return NULL; \ s++; \ STMT_END Loading @@ -4632,7 +4632,7 @@ find_start_of_next_microdesc(const char *s, const char *eos) /* Okay, now we're pointed at the first line of the microdescriptor which is not an annotation or onion-key. The next line that _is_ an annotation or onion-key is the start of the next microdescriptor. */ while (s+32 < eos) { while (eos - s > 32) { if (*s == '@' || !strcmpstart(s, "onion-key")) return s; NEXT_LINE(); Loading Loading @@ -5667,4 +5667,3 @@ routerparse_free_all(void) { dump_desc_fifo_cleanup(); }
