Limit version numbers to 0...INT32_MAX.

Closes 21450; patch from teor.
This commit is contained in:
Nick Mathewson 2017-02-15 07:57:34 -05:00
parent a1c3b391de
commit cb6b3b7cad
2 changed files with 8 additions and 1 deletions

4
changes/bug21450 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (voting consistency):
- Reject version numbers with components that exceed INT32_MAX.
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
Fixes bug 21450; bugfix on 0.0.8pre1.

View File

@ -5605,6 +5605,7 @@ tor_version_parse(const char *s, tor_version_t *out)
{
char *eos=NULL;
const char *cp=NULL;
int ok = 1;
/* Format is:
* "Tor " ? NUM dot NUM [ dot NUM [ ( pre | rc | dot ) NUM ] ] [ - tag ]
*/
@ -5620,7 +5621,9 @@ tor_version_parse(const char *s, tor_version_t *out)
#define NUMBER(m) \
do { \
out->m = (int)strtol(cp, &eos, 10); \
out->m = (int)tor_parse_uint64(val, 10, 0, INT32_MAX, &ok, &eos); \
if (!ok) \
return -1; \
if (!eos || eos == cp) \
return -1; \
cp = eos; \