From 48bdc2f729cba1a22305f6150d230cf0334ebd55 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 18 Apr 2011 13:53:13 -0700
Subject: [PATCH] Correct HS descriptor length check

Fixes bug 2948.
---
 changes/bug2948      | 7 +++++++
 src/or/routerparse.c | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 changes/bug2948

diff --git a/changes/bug2948 b/changes/bug2948
new file mode 100644
index 0000000000..640ef625d9
--- /dev/null
+++ b/changes/bug2948
@@ -0,0 +1,7 @@
+  o Minor bugfixes
+    - Only limit the lengths of single HS descriptors, even when
+      multiple HS descriptors are published to an HSDir relay in a
+      single POST operation.  Fixes bug 2948; bugfix on 0.2.1.5-alpha.
+      Found by hsdir.
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8456a0a02d..dd72eb6bb4 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   else
     eos = eos + 1;
   /* Check length. */
-  if (strlen(desc) > REND_DESC_MAX_SIZE) {
+  if (eos-desc > REND_DESC_MAX_SIZE) {
     /* XXX023 If we are parsing this descriptor as a server, this
      * should be a protocol warning. */
     log_warn(LD_REND, "Descriptor length is %i which exceeds "
              "maximum rendezvous descriptor size of %i bytes.",
-             (int)strlen(desc), REND_DESC_MAX_SIZE);
+             (int)(eos-desc), REND_DESC_MAX_SIZE);
     goto err;
   }
   /* Tokenize descriptor. */