mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 05:33:47 +01:00
Replace peek_buf_startswith() with a safe version
It's not okay to assume that the data in a buf_t is contiguous in the first chunk.
This commit is contained in:
parent
acf65544bb
commit
ed4bc55450
@ -2024,7 +2024,7 @@ parse_socks_client(const uint8_t *data, size_t datalen,
|
||||
|
||||
/** Return true if <b>cmd</b> looks like a HTTP (proxy) request. */
|
||||
int
|
||||
peek_buf_has_http_command(buf_t *buf)
|
||||
peek_buf_has_http_command(const buf_t *buf)
|
||||
{
|
||||
if (peek_buf_startswith(buf, "CONNECT ") ||
|
||||
peek_buf_startswith(buf, "DELETE ") ||
|
||||
@ -2036,15 +2036,18 @@ peek_buf_has_http_command(buf_t *buf)
|
||||
}
|
||||
|
||||
/** Return 1 iff <b>buf</b> starts with <b>cmd</b>. <b>cmd</b> must be a null
|
||||
* terminated string */
|
||||
* terminated string, of no more than PEEK_BUF_STARTSWITH_MAX bytes. */
|
||||
int
|
||||
peek_buf_startswith(buf_t *buf, const char *cmd)
|
||||
peek_buf_startswith(const buf_t *buf, const char *cmd)
|
||||
{
|
||||
char tmp[PEEK_BUF_STARTSWITH_MAX];
|
||||
size_t clen = strlen(cmd);
|
||||
if (buf->datalen >= clen)
|
||||
if (!strncasecmp((buf->head)->data, cmd, (size_t) clen))
|
||||
return 1;
|
||||
return 0;
|
||||
if (BUG(clen > sizeof(tmp)))
|
||||
return 0;
|
||||
if (buf->datalen < clen)
|
||||
return 0;
|
||||
peek_from_buf(tmp, clen, buf);
|
||||
return fast_memeq(tmp, cmd, clen);
|
||||
}
|
||||
|
||||
/** Return 1 iff buf looks more like it has an (obsolete) v0 controller
|
||||
|
@ -53,8 +53,9 @@ int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason);
|
||||
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);
|
||||
|
||||
int peek_buf_has_control0_command(buf_t *buf);
|
||||
int peek_buf_startswith(buf_t *buf, const char *cmd);
|
||||
int peek_buf_has_http_command(buf_t *buf);
|
||||
#define PEEK_BUF_STARTSWITH_MAX 16
|
||||
int peek_buf_startswith(const buf_t *buf, const char *cmd);
|
||||
int peek_buf_has_http_command(const buf_t *buf);
|
||||
|
||||
int fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user