[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] oaep uses 42 more bytes -- stop clobbering buffers

To: or-cvs@freehaven.net
Subject: [or-cvs] oaep uses 42 more bytes -- stop clobbering buffers
From: arma@seul.org (Roger Dingledine)
Date: Mon, 5 Apr 2004 14:22:02 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Mon, 05 Apr 2004 14:22:23 -0400
Reply-to: or-dev@freehaven.net
Sender: owner-or-cvs@freehaven.net

Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or

Modified Files:
	connection_edge.c rendclient.c rendmid.c rendservice.c 
Log Message:
oaep uses 42 more bytes -- stop clobbering buffers

also maybe fix some constants here and there -- nick?


Index: connection_edge.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_edge.c,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -d -r1.140 -r1.141
--- connection_edge.c	5 Apr 2004 17:56:34 -0000	1.140
+++ connection_edge.c	5 Apr 2004 18:22:00 -0000	1.141
@@ -757,9 +757,6 @@
     return 1; /* we're happy */
   }
 
-  log_fn(LOG_INFO,"No safe circuit (purpose %d) ready for edge connection; delaying.",
-         desired_circuit_purpose);
-
   if(!*conn->rend_query) { /* general purpose circ */
     addr = client_dns_lookup_entry(conn->socks_request->address);
     if(router_exit_policy_all_routers_reject(addr, conn->socks_request->port)) {
@@ -804,6 +801,9 @@
       strcpy(circ->rend_query, conn->rend_query);
     }
   }
+  if(!circ)
+    log_fn(LOG_INFO,"No safe circuit (purpose %d) ready for edge connection; delaying.",
+           desired_circuit_purpose);
   *circp = circ;
   return 0;
 }

Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendclient.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- rendclient.c	5 Apr 2004 17:56:34 -0000	1.12
+++ rendclient.c	5 Apr 2004 18:22:00 -0000	1.13
@@ -41,14 +41,14 @@
   return 0;
 }
 
-#define LEN_REND_INTRODUCE1 204
+#define LEN_REND_INTRODUCE1 (20+20+20+16+128+42)
 
 int
 rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
   const char *descp;
   int desc_len;
   char payload[LEN_REND_INTRODUCE1];
-  char tmp[LEN_REND_INTRODUCE1-20-16];
+  char tmp[20+20+128];
   rend_service_descriptor_t *parsed=NULL;
 
   assert(introcirc->purpose == CIRCUIT_PURPOSE_C_INTRODUCING);

Index: rendmid.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendmid.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- rendmid.c	5 Apr 2004 17:36:30 -0000	1.11
+++ rendmid.c	5 Apr 2004 18:22:00 -0000	1.12
@@ -124,7 +124,7 @@
     goto err;
   }
 
-  if (request_len < 276) {
+  if (request_len < 246) {
     log_fn(LOG_WARN,
            "Impossibly short INTRODUCE1 cell on circuit %d; dropping.",
            circ->p_circ_id);

Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- rendservice.c	5 Apr 2004 17:28:48 -0000	1.22
+++ rendservice.c	5 Apr 2004 18:22:00 -0000	1.23
@@ -326,6 +326,7 @@
     return -1;
   }
 
+  /* XXX NM this is wrong, right? */
   /* min key length plus digest length plus nickname length */
   if (request_len < 148) {
     log_fn(LOG_WARN, "Got a truncated INTRODUCE2 cell on circ %d",

Prev by Author: [or-cvs] strdup the intro point when you pick it, so you
Next by Author: [or-cvs] make rend apconn send to the right cpath layer
Previous by thread: [or-cvs] strdup the intro point when you pick it, so you
Next by thread: [or-cvs] Do first half of Alice-side of DH handshake.
Index(es):
- Author
- Thread