nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 21:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Handle relay cells with rh.length too large.

Browse Source 
svn:r4264
This commit is contained in:
Nick Mathewson 2005-05-17 20:00:24 +00:00
parent 9abef5e483
commit e7354725bb
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/or/relay.c
View File

@ -779,6 +779,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
num_seen++;
log_fn(LOG_DEBUG,"Now seen %d relay cells here.", num_seen);
if (rh.length > RELAY_PAYLOAD_SIZE) {
log_fn(LOG_WARN, "Relay cell length field too long. Closing circuit.");
return -1;
}
/* either conn is NULL, in which case we've got a control cell, or else
* conn points to the recognized stream. */