nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-12-02 16:43:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

r18286@catbus: nickm | 2008-02-20 21:10:33 -0500

Browse Source 
Fix a bug that kept buf_find_string_offset from finding a string at the very end of the buffer.  Add a unit test for this. Also, do not save a pointer to a chunk that might get reallocated by buf_pullup().


svn:r13635
This commit is contained in:
Nick Mathewson 2008-02-21 02:10:38 +00:00
parent 3b58f9929f
commit 0e9dcfab97
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -19,6 +19,7 @@ Changes in version 0.2.0.20-?? - 2008-02-??
0.2.0.x 0.2.0.x
- Fix code used to find strings within buffers, when those strings - Fix code used to find strings within buffers, when those strings
are not in the first chunk of the buffer. are not in the first chunk of the buffer.
- Fix potential segfault when parsing HTTP headers. Bugfix on 0.2.0.x.
o Minor features (performance): o Minor features (performance):
- Tune parameters for cell pool allocation to minimize amount of - Tune parameters for cell pool allocation to minimize amount of

14
src/or/buffers.c
View File

@ -1072,18 +1072,24 @@ static int
buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n) buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n)
{ {
buf_pos_t p; buf_pos_t p;
if (!n)
return 1;
memcpy(&p, pos, sizeof(p)); memcpy(&p, pos, sizeof(p));
while (n) { while (1) {
char ch = p.chunk->data[p.pos]; char ch = p.chunk->data[p.pos];
if (ch != *s) if (ch != *s)
return 0; return 0;
++s; ++s;
--n; /* If we're out of characters that don't match, we match. Check this
* _before_ we test incrementing pos, in case we're at the end of the
* string. */
if (--n == 0)
return 1;
if (buf_pos_inc(&p)<0) if (buf_pos_inc(&p)<0)
return 0; return 0;
} }
return 1;
} }
/** Return the first position in <b>buf</b> at which the <b>n</b>-character /** Return the first position in <b>buf</b> at which the <b>n</b>-character
@ -1137,7 +1143,6 @@ fetch_from_buf_http(buf_t *buf,
if (!buf->head) if (!buf->head)
return 0; return 0;
headers = buf->head->data;
crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4); crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4);
if (crlf_offset > (int)max_headerlen || if (crlf_offset > (int)max_headerlen ||
(crlf_offset < 0 && buf->datalen > max_headerlen)) { (crlf_offset < 0 && buf->datalen > max_headerlen)) {
@ -1153,6 +1158,7 @@ fetch_from_buf_http(buf_t *buf,
buf_pullup(buf, crlf_offset+4, 0); buf_pullup(buf, crlf_offset+4, 0);
headerlen = crlf_offset + 4; headerlen = crlf_offset + 4;
headers = buf->head->data;
bodylen = buf->datalen - headerlen; bodylen = buf->datalen - headerlen;
log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen); log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);

1
src/or/test.c
View File

@ -267,6 +267,7 @@ test_buffers(void)
test_eq(39, buf_find_string_offset(buf, "ing str", 7)); test_eq(39, buf_find_string_offset(buf, "ing str", 7));
test_eq(35, buf_find_string_offset(buf, "Testing str", 11)); test_eq(35, buf_find_string_offset(buf, "Testing str", 11));
test_eq(32, buf_find_string_offset(buf, "ng ", 3)); test_eq(32, buf_find_string_offset(buf, "ng ", 3));
test_eq(43, buf_find_string_offset(buf, "string.", 7));
test_eq(-1, buf_find_string_offset(buf, "shrdlu", 6)); test_eq(-1, buf_find_string_offset(buf, "shrdlu", 6));
test_eq(-1, buf_find_string_offset(buf, "Testing thing", 13)); test_eq(-1, buf_find_string_offset(buf, "Testing thing", 13));
test_eq(-1, buf_find_string_offset(buf, "ngx", 3)); test_eq(-1, buf_find_string_offset(buf, "ngx", 3));