Accueil Explorer Aide
Connexion
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Reject most directory documents with an internal NUL.

(Specifically, we reject all the ones that aren't NUL-terminated,
since a NUL-terminated thing can't have a NUL in the middle.)

Another fix for #8037.
Nick Mathewson il y a 11 ans
Parent
acd72d4e3e
commit
0cf2c01dbd
2 fichiers modifiés avec 12 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 4 0
      changes/bug8037
  2. 8 1
      src/or/routerparse.c

+ 4 - 0
changes/bug8037
Voir le fichier 

@@ -2,3 +2,7 @@
 
     - Correctly store microdescriptors and extrainfo descriptors with
 
       an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
 
       Bug reported by "cypherpunks".
 
+
 
+  o Minor features:
 
+    - Reject as invalid most directory objects containing a
 
+      NUL. Belt-and-suspender fix for bug 8037.

+ 8 - 1
src/or/routerparse.c
Voir le fichier 

@@ -3902,8 +3902,15 @@ tokenize_string(memarea_t *area,
 
   tor_assert(area);
 
 
   s = &start;
 
-  if (!end)
 
+  if (!end) {
 
     end = start+strlen(start);
 
+  } else {
 
+    /* it's only meaningful to check for nuls if we got an end-of-string ptr */
 
+    if (memchr(start, '\0', end-start)) {
 
+      log_warn(LD_DIR, "parse error: internal NUL character.");
 
+      return -1;
 
+    }
 
+  }
 
   for (i = 0; i < NIL_; ++i)
 
     counts[i] = 0;