mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Fix bounds-checking in policy_summarize
Found by piebeer.
This commit is contained in:
parent
5110490253
commit
43414eb988
6
changes/policy_summarize-assert
Normal file
6
changes/policy_summarize-assert
Normal file
@ -0,0 +1,6 @@
|
||||
o Major bugfixes (security)
|
||||
- Fix a bounds-checking error that could allow an attacker to
|
||||
remotely crash a directory authority. Found by piebeer.
|
||||
Bugfix on 0.2.1.5-alpha.
|
||||
|
||||
|
@ -1209,8 +1209,8 @@ policy_summarize(smartlist_t *policy)
|
||||
accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
|
||||
rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
|
||||
|
||||
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN &&
|
||||
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) {
|
||||
if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
|
||||
accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
|
||||
char *c;
|
||||
shorter_str = accepts_str;
|
||||
prefix = "accept";
|
||||
|
Loading…
Reference in New Issue
Block a user