Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Correctly copy microdescs/extrinfos with internal NUL bytes

Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
Nick Mathewson 11 years ago
parent
dfbd19df41
commit
acd72d4e3e
4 changed files with 23 additions and 2 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug8037
  2. 14 0
      src/common/util.c
  3. 3 0
      src/common/util.h
  4. 2 2
      src/or/routerparse.c

+ 4 - 0
changes/bug8037
View File 

@@ -0,0 +1,4 @@
 
+  o Minor bugfixes:
 
+    - Correctly store microdescriptors and extrainfo descriptors with
 
+      an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
 
+      Bug reported by "cypherpunks".

+ 14 - 0
src/common/util.c
View File 

@@ -282,6 +282,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
 
   return dup;
 
 }
 
 
+/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
 
+ * memory. */
 
+void *
 
+tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS)
 
+{
 
+  char *dup;
 
+  tor_assert(len < SIZE_T_CEILING+1);
 
+  tor_assert(mem);
 
+  dup = tor_malloc_(len+1 DMALLOC_FN_ARGS);
 
+  memcpy(dup, mem, len);
 
+  dup[len] = '\0';
 
+  return dup;
 
+}
 
+
 
 /** Helper for places that need to take a function pointer to the right
 
  * spelling of "free()". */
 
 void

+ 3 - 0
src/common/util.h
View File 

@@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
 
   ATTR_MALLOC ATTR_NONNULL((1));
 
 void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
 
   ATTR_MALLOC ATTR_NONNULL((1));
 
+void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)
 
+  ATTR_MALLOC ATTR_NONNULL((1));
 
 void tor_free_(void *mem);
 
 #ifdef USE_DMALLOC
 
 extern int dmalloc_free(const char *file, const int line, void *pnt,
 
@@ -117,6 +119,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
 
 #define tor_strdup(s)          tor_strdup_(s DMALLOC_ARGS)
 
 #define tor_strndup(s, n)      tor_strndup_(s, n DMALLOC_ARGS)
 
 #define tor_memdup(s, n)       tor_memdup_(s, n DMALLOC_ARGS)
 
+#define tor_memdup_nulterm(s, n)       tor_memdup_nulterm_(s, n DMALLOC_ARGS)
 
 
 void tor_log_mallinfo(int severity);

+ 2 - 2
src/or/routerparse.c
View File 

@@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
 
   extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
 
   extrainfo->cache_info.is_extrainfo = 1;
 
   if (cache_copy)
 
-    extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
 
+    extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s);
 
   extrainfo->cache_info.signed_descriptor_len = end-s;
 
   memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
 
 
@@ -4237,7 +4237,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
 
 
       md->bodylen = start_of_next_microdesc - cp;
 
       if (copy_body)
 
-        md->body = tor_strndup(cp, md->bodylen);
 
+        md->body = tor_memdup_nulterm(cp, md->bodylen);
 
       else
 
         md->body = (char*)cp;
 
       md->off = cp - start;