diff --git a/changes/bug26007 b/changes/bug26007 new file mode 100644 index 0000000000..efcd15084d --- /dev/null +++ b/changes/bug26007 @@ -0,0 +1,5 @@ + o Major bugfixes (directory authorities, security): + - When directory authorities read a zero-byte bandwidth file, they log + a warning with the contents of an uninitialised buffer. Log a warning + about the empty file instead. + Fixes bug 26007; bugfix on 0.2.2.1-alpha. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 61383aa861..e058e04f8b 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2569,14 +2569,23 @@ dirserv_read_measured_bandwidths(const char *from_file, time_t file_time, now; int ok; + /* Initialise line, so that we can't possibly run off the end. */ + memset(line, 0, sizeof(line)); + if (fp == NULL) { log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s", from_file); return -1; } - if (!fgets(line, sizeof(line), fp) - || !strlen(line) || line[strlen(line)-1] != '\n') { + /* If fgets fails, line is either unmodified, or indeterminate. */ + if (!fgets(line, sizeof(line), fp)) { + log_warn(LD_DIRSERV, "Empty bandwidth file"); + fclose(fp); + return -1; + } + + if (!strlen(line) || line[strlen(line)-1] != '\n') { log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s", escaped(line)); fclose(fp);