[tor-commits] [tlsdate/debian-master] Restrict loggable date fields even harder.
ioerror at torproject.org
ioerror at torproject.org
Thu Oct 31 10:51:32 UTC 2013
commit cc1fde04ad35d4df138390e04e981a04ff34073e
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Oct 14 11:30:00 2013 -0400
Restrict loggable date fields even harder.
---
src/tlsdate-helper.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index 7813158..311d374 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -222,7 +222,7 @@ sanitize_string(const char *s)
{
const unsigned char *cp;
for (cp = (const unsigned char *)s; *cp; cp++) {
- if (*cp < 32 || *cp > 127)
+ if (*cp < 32 || *cp >= 127)
return "string with invalid characters";
}
return s;
@@ -254,6 +254,10 @@ handle_date_line(const char *dateline, uint32_t *result)
return 0;
dateline += 8;
+ if (strlen(dateline) > MAX_DATE_LINE_LEN) {
+ verb("V: The date line was impossibly long.\n");
+ return -1;
+ }
verb("V: The alleged date is <%s>\n", sanitize_string(dateline));
while (*dateline == ' ')
More information about the tor-commits
mailing list