nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 14:23:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

clean up 3 more underflow possibilities

Browse Source 
svn:r3063
This commit is contained in:
Roger Dingledine 2004-12-02 04:31:52 +00:00
parent 0799804c60
commit db5e100cde
1 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/or/router.c
View File

@ -709,17 +709,15 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
tor_free(identity_pkey); tor_free(identity_pkey);
tor_free(bandwidth_usage); tor_free(bandwidth_usage);
if (result < 0 || (size_t)result >= maxlen) { if (result < 0)
/* apparently different glibcs do different things on tor_snprintf error.. so check both */
return -1; return -1;
}
/* From now on, we use 'written' to remember the current length of 's'. */ /* From now on, we use 'written' to remember the current length of 's'. */
written = result; written = result;
if (get_options()->ContactInfo && strlen(get_options()->ContactInfo)) { if (get_options()->ContactInfo && strlen(get_options()->ContactInfo)) {
result = tor_snprintf(s+written,maxlen-written, "opt contact %s\n", result = tor_snprintf(s+written,maxlen-written, "opt contact %s\n",
get_options()->ContactInfo); get_options()->ContactInfo);
if (result<0 || result+written > maxlen) if (result<0)
return -1; return -1;
written += result; written += result;
} }
@ -731,36 +729,34 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
result = tor_snprintf(s+written, maxlen-written, "%s %s", result = tor_snprintf(s+written, maxlen-written, "%s %s",
tmpe->policy_type == ADDR_POLICY_ACCEPT ? "accept" : "reject", tmpe->policy_type == ADDR_POLICY_ACCEPT ? "accept" : "reject",
tmpe->msk == 0 ? "*" : inet_ntoa(in)); tmpe->msk == 0 ? "*" : inet_ntoa(in));
if (result < 0 || result+written > maxlen) { if (result < 0)
/* apparently different glibcs do different things on tor_snprintf error.. so check both */
return -1; return -1;
}
written += result; written += result;
if (tmpe->msk != 0xFFFFFFFFu && tmpe->msk != 0) { if (tmpe->msk != 0xFFFFFFFFu && tmpe->msk != 0) {
/* Write "/255.255.0.0" */ /* Write "/255.255.0.0" */
in.s_addr = htonl(tmpe->msk); in.s_addr = htonl(tmpe->msk);
result = tor_snprintf(s+written, maxlen-written, "/%s", inet_ntoa(in)); result = tor_snprintf(s+written, maxlen-written, "/%s", inet_ntoa(in));
if (result<0 || result+written > maxlen) if (result<0)
return -1; return -1;
written += result; written += result;
} }
if (tmpe->prt_min <= 1 && tmpe->prt_max == 65535) { if (tmpe->prt_min <= 1 && tmpe->prt_max == 65535) {
/* There is no port set; write ":*" */ /* There is no port set; write ":*" */
if (written > maxlen-4) if (written+4 > maxlen)
return -1; return -1;
strlcat(s+written, ":*\n", maxlen-written); strlcat(s+written, ":*\n", maxlen-written);
written += 3; written += 3;
} else if (tmpe->prt_min == tmpe->prt_max) { } else if (tmpe->prt_min == tmpe->prt_max) {
/* There is only one port; write ":80". */ /* There is only one port; write ":80". */
result = tor_snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt_min); result = tor_snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt_min);
if (result<0 || result+written > maxlen) if (result<0)
return -1; return -1;
written += result; written += result;
} else { } else {
/* There is a range of ports; write ":79-80". */ /* There is a range of ports; write ":79-80". */
result = tor_snprintf(s+written, maxlen-written, ":%d-%d\n", tmpe->prt_min, result = tor_snprintf(s+written, maxlen-written, ":%d-%d\n", tmpe->prt_min,
tmpe->prt_max); tmpe->prt_max);
if (result<0 || result+written > maxlen) if (result<0)
return -1; return -1;
written += result; written += result;
} }
@ -768,7 +764,7 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
/* This was a catch-all rule, so future rules are irrelevant. */ /* This was a catch-all rule, so future rules are irrelevant. */
break; break;
} /* end for */ } /* end for */
if (written > maxlen-256) /* Not enough room for signature. */ if (written+256 > maxlen) /* Not enough room for signature. */
return -1; return -1;
/* Sign the directory */ /* Sign the directory */
@ -792,7 +788,7 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
strlcat(s+written, "-----END SIGNATURE-----\n", maxlen-written); strlcat(s+written, "-----END SIGNATURE-----\n", maxlen-written);
written += strlen(s+written); written += strlen(s+written);
if (written > maxlen-2) if (written+2 > maxlen)
return -1; return -1;
/* include a last '\n' */ /* include a last '\n' */
s[written] = '\n'; s[written] = '\n';