
Detect an unlikely integer overflow.

Nick Mathewson 5 years ago
parent
commit
b058f64cc0
2 changed files with 6 additions and 1 deletions
  1. 4 1
      src/feature/stats/geoip_stats.c
  2. 2 0
      src/lib/geoip/country.h

+ 4 - 1
src/feature/stats/geoip_stats.c

@@ -265,7 +265,10 @@ geoip_note_client_seen(geoip_client_action_t action,
     int country_idx = geoip_get_country_by_addr(addr);
     if (country_idx < 0)
       country_idx = 0; /** unresolved requests are stored at index 0. */
-    increment_v3_ns_request(country_idx);
+    IF_BUG_ONCE(country_idx > COUNTRY_MAX) {
+      return;
+    }
+    increment_v3_ns_request((country_t) country_idx);
   }
 }
 
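Review bot: The guard at `IF_BUG_ONCE(country_idx > COUNTRY_MAX)` only ensures that the `(country_t)` cast on the next line cannot truncate, because COUNTRY_MAX is the limit of the type and not the number of countries actually loaded. Whether a value that passes is a valid index depends on `increment_v3_ns_request`, which is outside this hunk, so confirm that it range-checks or grows its table. A short comment would record the intent, for example `/* country_t is int16_t: reject values the cast below would truncate. */`. The bug branch also returns without counting the request, whereas the unresolved case just above is counted at index 0; if complete totals matter, `country_idx = 0;` in that branch may be preferable to `return;`. The start of `geoip_note_client_seen` is outside the hunk.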

+ 2 - 0
src/lib/geoip/country.h

@@ -11,4 +11,6 @@
 /** A signed integer representing a country code. */
 typedef int16_t country_t;
 
+#define COUNTRY_MAX INT16_MAX
+
 #endif
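Review bot: `COUNTRY_MAX` is added without a doc comment, although the `country_t` typedef directly above it has one, and nothing ties the macro to the typedef if the type is ever widened. Suggest placing `/** Largest value that fits in a country_t; keep in sync with the typedef above. */` above the define. `INT16_MAX` needs `<stdint.h>` or a project header that provides it to be included before this point; the top of country.h is outside the hunk, so that is worth confirming.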