mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Fix bounds-checking in policy_summarize
Found by piebeer.
This commit is contained in:
parent
5110490253
commit
43414eb988
6
changes/policy_summarize-assert
Normal file
6
changes/policy_summarize-assert
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
o Major bugfixes (security)
|
||||||
|
- Fix a bounds-checking error that could allow an attacker to
|
||||||
|
remotely crash a directory authority. Found by piebeer.
|
||||||
|
Bugfix on 0.2.1.5-alpha.
|
||||||
|
|
||||||
|
|
@ -1209,8 +1209,8 @@ policy_summarize(smartlist_t *policy)
|
|||||||
accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
|
accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
|
||||||
rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
|
rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
|
||||||
|
|
||||||
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN &&
|
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
|
||||||
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) {
|
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
|
||||||
char *c;
|
char *c;
|
||||||
shorter_str = accepts_str;
|
shorter_str = accepts_str;
|
||||||
prefix = "accept";
|
prefix = "accept";
|
||||||
|
Loading…
Reference in New Issue
Block a user