Correct HS descriptor length check

Fixes bug 2948.
Nick Mathewson 2011-04-18 13:53:13 -07:00 committed by Robert Ransom
parent 130db1bdeb
commit 48bdc2f729
2 changed files with 9 additions and 2 deletions

7
changes/bug2948 Normal file

@ -0,0 +1,7 @@
o Minor bugfixes
- Only limit the lengths of single HS descriptors, even when
multiple HS descriptors are published to an HSDir relay in a
single POST operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha.
Found by hsdir.


@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
else else
eos = eos + 1; eos = eos + 1;
/* Check length. */ /* Check length. */
if (strlen(desc) > REND_DESC_MAX_SIZE) { if (eos-desc > REND_DESC_MAX_SIZE) {
/* XXX023 If we are parsing this descriptor as a server, this /* XXX023 If we are parsing this descriptor as a server, this
* should be a protocol warning. */ * should be a protocol warning. */
log_warn(LD_REND, "Descriptor length is %i which exceeds " log_warn(LD_REND, "Descriptor length is %i which exceeds "
"maximum rendezvous descriptor size of %i bytes.", "maximum rendezvous descriptor size of %i bytes.",
(int)strlen(desc), REND_DESC_MAX_SIZE); (int)(eos-desc), REND_DESC_MAX_SIZE);
goto err; goto err;
} }
/* Tokenize descriptor. */ /* Tokenize descriptor. */
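Review bot: The new test `if (eos-desc > REND_DESC_MAX_SIZE)` bounds only the descriptor being parsed, so nothing in this hunk limits the total size of a buffer that carries several descriptors. The old `strlen(desc)` check did limit it, as a side effect. That total presumably has to be capped by whoever accepts the POST body, which is not visible here, so the comment should say so: `/* Check length of this descriptor only; the caller must bound the total upload size. */`. The comparison and the `(int)(eos-desc)` cast also rely on `eos >= desc`, which is set up before the hunk in the part of `rend_parse_v2_service_descriptor` that is not shown. The function body continues past the hunk as well.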