[or-cvs] fix integer underflow in tor_vsnprintf()
Roger Dingledine
arma at seul.org
Mon Nov 29 06:49:06 UTC 2004
Update of /home2/or/cvsroot/tor/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/src/common
Modified Files:
compat.c
Log Message:
fix integer underflow in tor_vsnprintf()
(probably exploitable)
Index: compat.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/common/compat.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- compat.c 28 Nov 2004 09:05:45 -0000 1.15
+++ compat.c 29 Nov 2004 06:49:04 -0000 1.16
@@ -90,12 +90,14 @@
return r;
}
-/** Replacement for vsnpritnf; behavior differs as tor_snprintf differs from
+/** Replacement for vsnprintf; behavior differs as tor_snprintf differs from
* snprintf.
*/
int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
{
int r;
+ if (size == 0)
+ return -1; /* no place for the NUL */
#ifdef MS_WINDOWS
r = _vsnprintf(str, size, format, args);
#else
More information about the tor-commits
mailing list