[tor-commits] [tor/master] Remove (untriggerable) overflow in crypto_random_hostname()
nickm at torproject.org
nickm at torproject.org
Tue Jan 10 00:17:28 UTC 2012
commit 3fadc074caa2f69b9d4ef17339a42dc9fbe4ad9e
Author: Stephen Palmateer <stephen.palmateer at gmail.com>
Date: Wed Dec 21 12:48:38 2011 -0500
Remove (untriggerable) overflow in crypto_random_hostname()
Fixes bug 4413; bugfix on xxxx.
Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
---
changes/bug4413 | 2 ++
src/common/crypto.c | 8 ++++++++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/changes/bug4413 b/changes/bug4413
new file mode 100644
index 0000000..653ddeb
--- /dev/null
+++ b/changes/bug4413
@@ -0,0 +1,2 @@
+Minor bugfixes:
+ - Check for a potential, however unlikely, integer overflow. Fixes bug 4413; Bugfix on 0.2.3.9-alpha.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 673fc0c..9ee3d98 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -82,6 +82,9 @@
#include "sha256.c"
#define SHA256_Final(a,b) sha256_done(b,a)
+/* Bug 4413*/
+#define MAX_HOSTNAME_SIZE 63
+
static unsigned char *
SHA256(const unsigned char *m, size_t len, unsigned char *d)
{
@@ -2554,7 +2557,12 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
size_t resultlen, prefixlen;
tor_assert(max_rand_len >= min_rand_len);
+
randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
+ if (randlen > MAX_HOSTNAME_SIZE) {
+ randlen = MAX_HOSTNAME_SIZE;
+ }
+
prefixlen = strlen(prefix);
resultlen = prefixlen + strlen(suffix) + randlen + 16;
More information about the tor-commits
mailing list