[or-cvs] r13601: rearrange our assert so we don't possibly overflow rh.length (tor/trunk/src/or)
arma at seul.org
arma at seul.org
Tue Feb 19 23:54:17 UTC 2008
Author: arma
Date: 2008-02-19 18:54:17 -0500 (Tue, 19 Feb 2008)
New Revision: 13601
Modified:
tor/trunk/src/or/relay.c
Log:
rearrange our assert so we don't possibly overflow rh.length before
triggering the assert. reported by veracode.
Modified: tor/trunk/src/or/relay.c
===================================================================
--- tor/trunk/src/or/relay.c 2008-02-19 23:46:08 UTC (rev 13600)
+++ tor/trunk/src/or/relay.c 2008-02-19 23:54:17 UTC (rev 13601)
@@ -475,6 +475,7 @@
/* XXXX NM Split this function into a separate versions per circuit type? */
tor_assert(circ);
+ tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_RELAY;
@@ -493,10 +494,8 @@
rh.stream_id = stream_id;
rh.length = payload_len;
relay_header_pack(cell.payload, &rh);
- if (payload_len) {
- tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
+ if (payload_len)
memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
- }
log_debug(LD_OR,"delivering %d cell %s.", relay_command,
cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
More information about the tor-commits
mailing list