[tor-commits] [tor/release-0.2.4] Reject most directory documents with an internal NUL.
arma at torproject.org
arma at torproject.org
Thu Apr 18 05:17:53 UTC 2013
commit 0cf2c01dbd9b86d396a55186e0656db33c7929d8
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Mar 15 13:49:04 2013 -0400
Reject most directory documents with an internal NUL.
(Specifically, we reject all the ones that aren't NUL-terminated,
since a NUL-terminated thing can't have a NUL in the middle.)
Another fix for #8037.
---
changes/bug8037 | 4 ++++
src/or/routerparse.c | 9 ++++++++-
2 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/changes/bug8037 b/changes/bug8037
index 5f3c1a3..989745f 100644
--- a/changes/bug8037
+++ b/changes/bug8037
@@ -2,3 +2,7 @@
- Correctly store microdescriptors and extrainfo descriptors with
an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
Bug reported by "cypherpunks".
+
+ o Minor features:
+ - Reject as invalid most directory objects containing a
+ NUL. Belt-and-suspender fix for bug 8037.
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 23dae38..2c345ae 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3902,8 +3902,15 @@ tokenize_string(memarea_t *area,
tor_assert(area);
s = &start;
- if (!end)
+ if (!end) {
end = start+strlen(start);
+ } else {
+ /* it's only meaningful to check for nuls if we got an end-of-string ptr */
+ if (memchr(start, '\0', end-start)) {
+ log_warn(LD_DIR, "parse error: internal NUL character.");
+ return -1;
+ }
+ }
for (i = 0; i < NIL_; ++i)
counts[i] = 0;
More information about the tor-commits
mailing list