
Make sure we can't overflow in connection_ap_handshake_send_resolve

Found by Coverity
Sebastian Hahn 16 years ago
parent
commit
6a68b50597
2 changed files with 4 additions and 1 deletions
  1. 2 0
      ChangeLog
  2. 2 1
      src/or/connection_edge.c

+ 2 - 0
ChangeLog

@@ -19,6 +19,8 @@ Changes in version 0.2.2.4-alpha - 2009-??-??
       on 0.2.2.1-alpha.
     - Fix two memory leaks in the error case of
       circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
+    - Make it explicit that we can't overflow in
+      connection_ap_handshake_send_resolve. Bugfix on 0.0.7.1-1.
 
 Changes in version 0.2.2.3-alpha - 2009-09-23
   o Major bugfixes:
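
Review bot: The new ChangeLog entry ("Make it explicit that we can't overflow in connection_ap_handshake_send_resolve") does not say what actually changed or how the issue was found. The code change tightens the length check from RELAY_PAYLOAD_SIZE to MAX_SOCKS_ADDR_LEN, and the commit message credits Coverity; putting both in the entry would let a reader judge whether this is a reachable overflow or a hardening of a check that the code comment already calls impossible. If it is the latter, "Bugfix on 0.0.7.1-1" may overstate it, so consider wording it as a defensive fix.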

+ 2 - 1
src/or/connection_edge.c

@@ -2156,8 +2156,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
     tor_assert(payload_len <= (int)sizeof(inaddr_buf));
   }
 
-  if (payload_len > RELAY_PAYLOAD_SIZE) {
+  if (payload_len > MAX_SOCKS_ADDR_LEN) {
     /* This should be impossible: we don't accept addresses this big. */
+    /* XXX Should we log a bug here? */
     connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
     return -1;
   }
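
Review bot: The added comment `/* XXX Should we log a bug here? */` leaves an open question in the committed code, and the branch still fails silently from an operator's point of view. Since the comment above it says this case should be impossible, reaching it means an earlier length check is broken, so a bug-level log message before `connection_mark_unattached_ap(...)` would make that visible; I would settle the question in this patch rather than leave the XXX. Separately, the hunk does not show which buffer `MAX_SOCKS_ADDR_LEN` bounds, so the "impossible" comment would be stronger if it named the buffer or earlier check that guarantees `payload_len` fits. Finally, `payload_len` is compared as a signed value (see the `(int)sizeof(inaddr_buf)` cast in the assert above), and only the upper bound is tested here.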