Commit 6a68b505 authored by Sebastian Hahn's avatar Sebastian Hahn Committed by Nick Mathewson
Browse files

Make sure we can't overflow in connection_ap_handshake_send_resolve

Found by Coverity
parent a4d6d830
Loading
Loading
Loading
Loading
+2 −0
Original line number Diff line number Diff line
@@ -19,6 +19,8 @@ Changes in version 0.2.2.4-alpha - 2009-??-??
      on 0.2.2.1-alpha.
    - Fix two memory leaks in the error case of
      circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
    - Make it explicit that we can't overflow in
      connection_ap_handshake_send_resolve. Bugfix on 0.0.7.1-1.

Changes in version 0.2.2.3-alpha - 2009-09-23
  o Major bugfixes:
+2 −1
Original line number Diff line number Diff line
@@ -2156,8 +2156,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
    tor_assert(payload_len <= (int)sizeof(inaddr_buf));
  }

  if (payload_len > RELAY_PAYLOAD_SIZE) {
  if (payload_len > MAX_SOCKS_ADDR_LEN) {
    /* This should be impossible: we don't accept addresses this big. */
    /* XXX Should we log a bug here? */
    connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
    return -1;
  }