Document and test nul-terminating behavior of tor_uncompress()

We added this as a safety feature, but there are a few places in the
code that actually depend on it.
Nick Mathewson 2017-04-27 10:59:48 -04:00
parent 199e61feb5
commit 49deb1e1b8
2 changed files with 10 additions and 0 deletions


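--- a/PLACEHOLDER_PATH
+++ b/PLACEHOLDER_PATH
@@ -221,6 +221,12 @@ tor_compress(char **out, size_t *out_len,
 * *<b>out</b>, and its length in *<b>out_len</b>. Return 0 on success, -1 on
 * failure.
 *
+* If any bytes are written to <b>out</b>, an extra byte NUL is always
+* written at the end, but not counted in <b>out_len</b>. This is a
+* safety feature to ensure that the output can be treated as a
+* NUL-terminated string -- though of course, callers should check
+* out_len anyway.
+*
 * If <b>complete_only</b> is true, we consider a truncated input as a
 * failure; otherwise we decompress as much as we can. Warn about truncated
 * or corrupt inputs at <b>protocol_warn_level</b>.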
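Review bot: The new paragraph guarantees the trailing NUL only "If any bytes are written to out", so a reader cannot tell from it what *out holds when decompression succeeds with empty output, and it does not say that the decompressed bytes themselves may contain NULs, which is exactly the case the concatenated-string test in this same commit exercises with embedded `\0`. Since the stated purpose is that callers may treat the output as a string, the limits of that should be spelled out here: I would change `NUL-terminated string -- though of course, callers should check` / `out_len anyway.` to `NUL-terminated string -- though since the output may itself contain` / `NUL bytes, callers must use out_len rather than strlen() to find its end.` and add one sentence stating what *out and *out_len are when no bytes are written. The phrase `an extra byte NUL` reads better as `an extra NUL byte`. The doc comment this hunk edits begins above the hunk.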


@ -2262,6 +2262,7 @@ test_util_compress_impl(compress_method_t method)
tt_assert(buf3 != NULL); tt_assert(buf3 != NULL);
tt_int_op(strlen(buf1) + 1, OP_EQ, len2); tt_int_op(strlen(buf1) + 1, OP_EQ, len2);
tt_str_op(buf1, OP_EQ, buf3); tt_str_op(buf1, OP_EQ, buf3);
tt_int_op(buf3[len2], OP_EQ, 0);
/* Check whether we can uncompress concatenated, compressed strings. */ /* Check whether we can uncompress concatenated, compressed strings. */
tor_free(buf3); tor_free(buf3);
@ -2273,6 +2274,7 @@ test_util_compress_impl(compress_method_t method)
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0",
(strlen(buf1)+1)*2); (strlen(buf1)+1)*2);
tt_int_op(buf3[len2], OP_EQ, 0);
/* Check whether we can uncompress partial strings */ /* Check whether we can uncompress partial strings */
@ -2296,6 +2298,8 @@ test_util_compress_impl(compress_method_t method)
tt_int_op(len2, OP_GT, 5); tt_int_op(len2, OP_GT, 5);
tt_int_op(len2, OP_LE, len1); tt_int_op(len2, OP_LE, len1);
tt_assert(fast_memeq(buf1, buf3, len2)); tt_assert(fast_memeq(buf1, buf3, len2));
tt_int_op(buf3[len2], OP_EQ, 0);
/* when we demand a complete output, this must fail. */ /* when we demand a complete output, this must fail. */
tor_free(buf3); tor_free(buf3);
tt_assert(tor_uncompress(&buf3, &len2, buf2, len1-16, tt_assert(tor_uncompress(&buf3, &len2, buf2, len1-16,
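Review bot: Each of the three added `tt_int_op(buf3[len2], OP_EQ, 0);` checks (at -2262, -2273 and -2296) follows a decompression that produced a non-empty buffer, so the edge of the documented guarantee, what *out holds when the decompressed output is empty, is still untested; if that case is meant to be covered, a round trip through a compressed empty input asserting `len2 == 0` and the terminator would pin it. The check at -2273 is also the most informative one, because the expected data there appears to contain embedded `\0` bytes: an assertion such as `tt_int_op(strlen(buf3), OP_LT, len2);` next to it would record that the trailing NUL does not turn the buffer into a plain C string and that `len2` is the authoritative length, which is the distinction the commit message says existing callers depend on. The hunk header in the second hunk reports seven new lines but only one addition is visible here, so part of that hunk may be missing from this rendering. test_util_compress_impl starts and ends outside these hunks.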