Loading changes/bug26196 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor bugfixes (hardening): - Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. src/or/protover.c +13 −0 Original line number Diff line number Diff line Loading @@ -453,6 +453,10 @@ cmp_single_ent_by_version(const void **a_, const void **b_) static char * contract_protocol_list(const smartlist_t *proto_strings) { if (smartlist_len(proto_strings) == 0) { return tor_strdup(""); } // map from name to list of single-version entries strmap_t *entry_lists_by_name = strmap_new(); // list of protocol names Loading Loading @@ -561,6 +565,10 @@ char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold) { if (smartlist_len(list_of_proto_strings) == 0) { return tor_strdup(""); } smartlist_t *all_entries = smartlist_new(); // First, parse the inputs and break them into singleton entries. Loading @@ -587,6 +595,11 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings, smartlist_free(unexpanded); } SMARTLIST_FOREACH_END(vote); if (smartlist_len(all_entries) == 0) { smartlist_free(all_entries); return tor_strdup(""); } // Now sort the singleton entries smartlist_sort_strings(all_entries); Loading Loading
changes/bug26196 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor bugfixes (hardening): - Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
src/or/protover.c +13 −0 Original line number Diff line number Diff line Loading @@ -453,6 +453,10 @@ cmp_single_ent_by_version(const void **a_, const void **b_) static char * contract_protocol_list(const smartlist_t *proto_strings) { if (smartlist_len(proto_strings) == 0) { return tor_strdup(""); } // map from name to list of single-version entries strmap_t *entry_lists_by_name = strmap_new(); // list of protocol names Loading Loading @@ -561,6 +565,10 @@ char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold) { if (smartlist_len(list_of_proto_strings) == 0) { return tor_strdup(""); } smartlist_t *all_entries = smartlist_new(); // First, parse the inputs and break them into singleton entries. Loading @@ -587,6 +595,11 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings, smartlist_free(unexpanded); } SMARTLIST_FOREACH_END(vote); if (smartlist_len(all_entries) == 0) { smartlist_free(all_entries); return tor_strdup(""); } // Now sort the singleton entries smartlist_sort_strings(all_entries); Loading
