
Merge remote-tracking branch 'origin/maint-0.2.4'

Nick Mathewson 11 years ago
parent
commit
bbc049a756
4 changed files with 35 additions and 3 deletions
  1. 8 0
      changes/bug8037
  2. 14 0
      src/common/util.c
  3. 3 0
      src/common/util.h
  4. 10 3
      src/or/routerparse.c

+ 8 - 0
changes/bug8037

@@ -0,0 +1,8 @@
+  o Minor bugfixes:
+    - Correctly store microdescriptors and extrainfo descriptors with
+      an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
+      Bug reported by "cypherpunks".
+
+  o Minor features:
+    - Reject as invalid most directory objects containing a
+      NUL. Belt-and-suspender fix for bug 8037.

+ 14 - 0
src/common/util.c

@@ -281,6 +281,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
   return dup;
 }
 
+/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
+ * memory. */
+void *
+tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS)
+{
+  char *dup;
+  tor_assert(len < SIZE_T_CEILING+1);
+  tor_assert(mem);
+  dup = tor_malloc_(len+1 DMALLOC_FN_ARGS);
+  memcpy(dup, mem, len);
+  dup[len] = '\0';
+  return dup;
+}
+
 /** Helper for places that need to take a function pointer to the right
  * spelling of "free()". */
 void
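Review bot: The new definition in util.c is spelled `tor_memdup_nulterm`, but util.h declares `tor_memdup_nulterm_` and defines `tor_memdup_nulterm(s, n)` as a function-like macro. The definition therefore only gets the underscore name because the macro rewrites it, and that expansion also places `DMALLOC_ARGS` after `DMALLOC_PARAMS` inside the parameter list, which presumably fails to compile in a USE_DMALLOC build (neither macro's definition is visible here). Spell the definition `tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)`, matching `tor_memdup_` just above. The doc comment should also say that the returned buffer is `len+1` bytes and may contain interior NULs, so callers must keep carrying the length rather than calling strlen() on it.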

+ 3 - 0
src/common/util.h

@@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
   ATTR_MALLOC ATTR_NONNULL((1));
 void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
   ATTR_MALLOC ATTR_NONNULL((1));
+void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)
+  ATTR_MALLOC ATTR_NONNULL((1));
 void tor_free_(void *mem);
 #ifdef USE_DMALLOC
 extern int dmalloc_free(const char *file, const int line, void *pnt,
@@ -116,6 +118,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
 #define tor_strdup(s)          tor_strdup_(s DMALLOC_ARGS)
 #define tor_strndup(s, n)      tor_strndup_(s, n DMALLOC_ARGS)
 #define tor_memdup(s, n)       tor_memdup_(s, n DMALLOC_ARGS)
+#define tor_memdup_nulterm(s, n)       tor_memdup_nulterm_(s, n DMALLOC_ARGS)
 
 void tor_log_mallinfo(int severity);
 

+ 10 - 3
src/or/routerparse.c

@@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
   extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
   extrainfo->cache_info.is_extrainfo = 1;
   if (cache_copy)
-    extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
+    extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s);
   extrainfo->cache_info.signed_descriptor_len = end-s;
   memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
 
@@ -3921,8 +3921,15 @@ tokenize_string(memarea_t *area,
   tor_assert(area);
 
   s = &start;
-  if (!end)
+  if (!end) {
     end = start+strlen(start);
+  } else {
+    /* it's only meaningful to check for nuls if we got an end-of-string ptr */
+    if (memchr(start, '\0', end-start)) {
+      log_warn(LD_DIR, "parse error: internal NUL character.");
+      return -1;
+    }
+  }
   for (i = 0; i < NIL_; ++i)
     counts[i] = 0;
 
@@ -4256,7 +4263,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
 
       md->bodylen = start_of_next_microdesc - cp;
       if (copy_body)
-        md->body = tor_strndup(cp, md->bodylen);
+        md->body = tor_memdup_nulterm(cp, md->bodylen);
       else
         md->body = (char*)cp;
       md->off = cp - start;
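Review bot: In the tokenize_string hunk, `memchr(start, '\0', end-start)` converts the pointer difference to size_t, so a caller that passes `end` before `start` would make memchr scan far past the buffer. Nothing visible in the hunk establishes that ordering, so state it explicitly with `tor_assert(end >= start);` ahead of the memchr, or guard the call with `end > start &&`. The warning would be easier to triage if it also logged the offset of the NUL, e.g. by keeping the memchr result and reporting `(int)(nul - start)`. tokenize_string's body continues outside the hunk, so the callers' guarantees about `end` should be confirmed there.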