From e7241044e8f582a61c63d462fbbd1e3b593505ce Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 12 Oct 2004 19:01:53 +0000 Subject: [PATCH] Better bounds checking on parsed ints svn:r2450 --- src/common/util.c | 2 +- src/or/rendservice.c | 4 ++++ src/or/routerparse.c | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/common/util.c b/src/common/util.c index 5065e97216..6ff45a1cea 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2052,7 +2052,7 @@ parse_addr_port(const char *addrport, char **address, uint32_t *addr, if (colon) { _address = tor_strndup(addrport, colon-addrport); _port = atoi(colon+1); - if (_port<1 || _port>65536) { + if (_port<1 || _port>65535) { log_fn(LOG_WARN, "Port '%s' out of range", colon+1); _port = 0; ok = 0; diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 06014df53a..f14b31557e 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -161,6 +161,10 @@ static rend_service_port_config_t *parse_port_config(const char *string) log_fn(LOG_WARN, "Unparseable of missing port in hidden service port configuration."); return NULL; } + if (realport < 1 || realport > 65535) { + log_fn(LOG_WARN, "Port out of range"); + return NULL; + } addr = 0x7F000001u; /* Default to 127.0.0.1 */ } diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 4ae2222456..b973909312 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1053,6 +1053,10 @@ router_parse_exit_policy(directory_token_t *tok) { bits = (int) strtol(mask, &endptr, 10); if (!*endptr) { /* strtol handled the whole mask. */ + if (bits < 0 || bits > 32) { + log_fn(LOG_WARN, "Bad number of mask bits on exit policy; rejecting."); + goto policy_read_failed; + } newe->msk = ~((1<<(32-bits))-1); } else if (tor_inet_aton(mask, &in) != 0) { newe->msk = ntohl(in.s_addr); @@ -1083,6 +1087,10 @@ router_parse_exit_policy(directory_token_t *tok) { } else { newe->prt_max = newe->prt_min; } + if (newe->prt_min > newe->prt_max) { + log_fn(LOG_WARN,"Insane port range on exit policy; rejecting."); + goto policy_read_failed; + } } in.s_addr = htonl(newe->addr);