Merge branch 'maint-0.2.9' into maint-0.3.1

1ef8023e · Nick Mathewson · f48fb8a7 · 719b5c1d · 1ef8023e · 1ef8023e
Commit 1ef8023e authored 6 years ago by Nick Mathewson
--- a/changes/bug26196
+++ b/changes/bug26196
+  o Minor bugfixes (hardening):
+    - Prevent a possible out-of-bounds smartlist read in
+      protover_compute_vote(). Fixes bug 26196; bugfix on
+      0.2.9.4-alpha.
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -453,6 +453,10 @@ cmp_single_ent_by_version(const void **a_, const void **b_)
 static char *
 contract_protocol_list(const smartlist_t *proto_strings)
 {
+  if (smartlist_len(proto_strings) == 0) {
+    return tor_strdup("");
+  }
+
  // map from name to list of single-version entries
  strmap_t *entry_lists_by_name = strmap_new();
  // list of protocol names
@@ -561,6 +565,10 @@ char *
 protover_compute_vote(const smartlist_t *list_of_proto_strings,
                      int threshold)
 {
+  if (smartlist_len(list_of_proto_strings) == 0) {
+    return tor_strdup("");
+  }
+
  smartlist_t *all_entries = smartlist_new();

  // First, parse the inputs and break them into singleton entries.
@@ -587,6 +595,11 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings,
    smartlist_free(unexpanded);
  } SMARTLIST_FOREACH_END(vote);

+  if (smartlist_len(all_entries) == 0) {
+    smartlist_free(all_entries);
+    return tor_strdup("");
+  }
+
  // Now sort the singleton entries
  smartlist_sort_strings(all_entries);