nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix a potential memory stomp on servers running hidden services. Found by weasel with valgrind. Backport candidate.

Browse Source 
svn:r5579
This commit is contained in:
Nick Mathewson 2005-12-14 02:19:27 +00:00
parent 86d69218ef
commit 4f38670328
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/or/rendcommon.c
View File

@ -56,7 +56,8 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc,
char *end; char *end;
int i; int i;
size_t asn1len; size_t asn1len;
cp = *str_out = tor_malloc(PK_BYTES*2*(desc->n_intro_points+2)); /*Too long, but ok*/ size_t buflen = PK_BYTES*2*(desc->n_intro_points+2);/*Too long, but ok*/
cp = *str_out = tor_malloc(buflen);
end = cp + PK_BYTES*2*(desc->n_intro_points+1); end = cp + PK_BYTES*2*(desc->n_intro_points+1);
if (version) { if (version) {
*(uint8_t*)cp = (uint8_t)0xff; *(uint8_t*)cp = (uint8_t)0xff;
@ -77,7 +78,7 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc,
if (version == 0) { if (version == 0) {
for (i=0; i < desc->n_intro_points; ++i) { for (i=0; i < desc->n_intro_points; ++i) {
char *ipoint = (char*)desc->intro_points[i]; char *ipoint = (char*)desc->intro_points[i];
strlcpy(cp, ipoint, *len_out-(cp-*str_out)); strlcpy(cp, ipoint, buflen-(cp-*str_out));
cp += strlen(ipoint)+1; cp += strlen(ipoint)+1;
} }
} else { } else {