Fix bounds-checking in policy_summarize

Found by piebeer.
This commit is contained in:
Robert Ransom 2011-01-20 11:17:57 -08:00
parent 5110490253
commit 43414eb988
2 changed files with 8 additions and 2 deletions

View File

@ -0,0 +1,6 @@
o Major bugfixes (security)
- Fix a bounds-checking error that could allow an attacker to
remotely crash a directory authority. Found by piebeer.
Bugfix on 0.2.1.5-alpha.

View File

@ -1209,8 +1209,8 @@ policy_summarize(smartlist_t *policy)
accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len); accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len); rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN && if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) { accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
char *c; char *c;
shorter_str = accepts_str; shorter_str = accepts_str;
prefix = "accept"; prefix = "accept";