Merge branch 'bug8037_squashed' into maint-0.2.4

This commit is contained in:
Nick Mathewson 2013-04-17 10:45:45 -04:00
commit 42731f69ef
4 changed files with 35 additions and 3 deletions

8
changes/bug8037 Normal file
View File

@ -0,0 +1,8 @@
o Minor bugfixes:
- Correctly store microdescriptors and extrainfo descriptors with
an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
Bug reported by "cypherpunks".
o Minor features:
- Reject as invalid most directory objects containing a
NUL. Belt-and-suspender fix for bug 8037.

View File

@ -281,6 +281,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
return dup;
}
/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
* memory. */
void *
tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS)
{
char *dup;
tor_assert(len < SIZE_T_CEILING+1);
tor_assert(mem);
dup = tor_malloc_(len+1 DMALLOC_FN_ARGS);
memcpy(dup, mem, len);
dup[len] = '\0';
return dup;
}
/** Helper for places that need to take a function pointer to the right
* spelling of "free()". */
void

View File

@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
ATTR_MALLOC ATTR_NONNULL((1));
void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
ATTR_MALLOC ATTR_NONNULL((1));
void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)
ATTR_MALLOC ATTR_NONNULL((1));
void tor_free_(void *mem);
#ifdef USE_DMALLOC
extern int dmalloc_free(const char *file, const int line, void *pnt,
@ -116,6 +118,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
#define tor_strdup(s) tor_strdup_(s DMALLOC_ARGS)
#define tor_strndup(s, n) tor_strndup_(s, n DMALLOC_ARGS)
#define tor_memdup(s, n) tor_memdup_(s, n DMALLOC_ARGS)
#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n DMALLOC_ARGS)
void tor_log_mallinfo(int severity);

View File

@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
extrainfo->cache_info.is_extrainfo = 1;
if (cache_copy)
extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s);
extrainfo->cache_info.signed_descriptor_len = end-s;
memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
@ -3921,8 +3921,15 @@ tokenize_string(memarea_t *area,
tor_assert(area);
s = &start;
if (!end)
if (!end) {
end = start+strlen(start);
} else {
/* it's only meaningful to check for nuls if we got an end-of-string ptr */
if (memchr(start, '\0', end-start)) {
log_warn(LD_DIR, "parse error: internal NUL character.");
return -1;
}
}
for (i = 0; i < NIL_; ++i)
counts[i] = 0;
@ -4256,7 +4263,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
md->bodylen = start_of_next_microdesc - cp;
if (copy_body)
md->body = tor_strndup(cp, md->bodylen);
md->body = tor_memdup_nulterm(cp, md->bodylen);
else
md->body = (char*)cp;
md->off = cp - start;