nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 21:16:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix bounds-checking in policy_summarize

Browse Source 
Found by piebeer.
This commit is contained in:
Robert Ransom 2011-01-20 11:17:57 -08:00
parent 5110490253
commit 43414eb988
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
changes/policy_summarize-assert Normal file
View File

@ -0,0 +1,6 @@
o Major bugfixes (security)
- Fix a bounds-checking error that could allow an attacker to
remotely crash a directory authority. Found by piebeer.
Bugfix on 0.2.1.5-alpha.

4
src/or/policies.c
View File

@ -1209,8 +1209,8 @@ policy_summarize(smartlist_t *policy)
accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN &&
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) {
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
char *c;
shorter_str = accepts_str;
prefix = "accept";