From 12dad5ebf798232111919d5498f522d5b3f146a5 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 7 Sep 2017 09:20:00 -0400 Subject: [PATCH] Fix crashes on empty +HSPOST and +POSTDESCRIPTOR commands Fixes bug 22644; bugfix on 0.2.7.1-alpha and 0.2.0.1-alpha respectively. --- changes/bug22644 | 5 +++++ src/or/control.c | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 changes/bug22644 diff --git a/changes/bug22644 b/changes/bug22644 new file mode 100644 index 0000000000..9b8742edaf --- /dev/null +++ b/changes/bug22644 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller): + - Do not crash when receiving a POSTDESCRIPTOR command with an + empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. diff --git a/src/or/control.c b/src/or/control.c index 1bf1e33bbc..03d9fcee2a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3568,12 +3568,15 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len, int cache = 0; /* eventually, we may switch this to 1 */ const char *cp = memchr(body, '\n', len); - smartlist_t *args = smartlist_new(); - tor_assert(cp); + + if (cp == NULL) { + connection_printf_to_buf(conn, "251 Empty body\r\n"); + return 0; + } ++cp; char *cmdline = tor_memdup_nulterm(body, cp-body); - + smartlist_t *args = smartlist_new(); smartlist_split_string(args, cmdline, " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); SMARTLIST_FOREACH_BEGIN(args, char *, option) { 
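Review bot: The new `cp == NULL` branch in handle_control_postdescriptor replies `251 Empty body`, which is a 2xx (positive completion) code, so a controller that checks only the reply class will treat a POSTDESCRIPTOR that posted nothing as a success; the handle_control_hspost hunk that follows uses the same reply. If I read the control spec correctly, 251 means "operation unnecessary", whereas a missing body is closer to a malformed command, so a 5xx reply such as `connection_printf_to_buf(conn, "512 Syntax error: empty body\r\n");` would be clearer, provided no existing controller depends on the 251. The function body continues past the end of the hunk.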
@@ -4158,14 +4161,19 @@ handle_control_hspost(control_connection_t *conn, const char *body) { static const char *opt_server = "SERVER="; - smartlist_t *args = smartlist_new(); smartlist_t *hs_dirs = NULL; const char *encoded_desc = body; size_t encoded_desc_len = len; char *cp = memchr(body, '\n', len); + if (cp == NULL) { + connection_printf_to_buf(conn, "251 Empty body\r\n"); + return 0; + } char *argline = tor_strndup(body, cp-body); + smartlist_t *args = smartlist_new(); + /* If any SERVER= options were specified, try parse the options line */ if (!strcasecmpstart(argline, opt_server)) { /* encoded_desc begins after a newline character */
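Review bot: The added `if (cp == NULL)` guard in handle_control_hspost has no comment saying which input reaches it or what it protects: when memchr() finds no newline in the first `len` bytes, the following `tor_strndup(body, cp-body)` would compute its length from a NULL pointer. A one-line comment above the check would record that, e.g. `/* No '\n' in body: nothing to parse, and cp-body below would be computed from NULL. */`. The diffstat lists only changes/bug22644 and src/or/control.c, so neither this branch nor the POSTDESCRIPTOR one appears to be exercised by a test in this commit; a unit test passing a zero-length body to each handler would keep the crash from returning. handle_control_hspost starts above and continues below the hunk.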