mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
96d2a21683
Right-shifting negative values has implementation-defined behavior. On all the platforms we work on right now, the behavior is to sign-extend the input. That isn't what we wanted in auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1; Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously. The broken behavior didn't actually hurt anything, I think, since the only way to get sign-extension to happen would be to have the top bit of descriptor_cookie_tmp[16] set, which would make the value of descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and 0b11111000 (that is, between -1 and -8). So auth_type_val would be between -7 and 0. And the immediate next line does: if (auth_type_val < 1 || auth_type_val > 2) { So the incorrectly computed auth_type_val would be rejected as invalid, just as a correctly computed auth_type_val would be. Still, this stuff shouldn't sit around the codebase.
4 lines
135 B
Plaintext
4 lines
135 B
Plaintext
o Minor bugfixes:
|
|
- Fix handling of rendezvous client authorization types over 8.
|
|
Fixes bug 6841; bugfix on 0.2.1.5-alpha.
|