[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.2.2] Correct HS descriptor length check



commit 48bdc2f729cba1a22305f6150d230cf0334ebd55
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon Apr 18 13:53:13 2011 -0700

    Correct HS descriptor length check
    
    Fixes bug 2948.
---
 changes/bug2948      |    7 +++++++
 src/or/routerparse.c |    4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changes/bug2948 b/changes/bug2948
new file mode 100644
index 0000000..640ef62
--- /dev/null
+++ b/changes/bug2948
@@ -0,0 +1,7 @@
+  o Minor bugfixes
+    - Only limit the lengths of single HS descriptors, even when
+      multiple HS descriptors are published to an HSDir relay in a
+      single POST operation.  Fixes bug 2948; bugfix on 0.2.1.5-alpha.
+      Found by hsdir.
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8456a0a..dd72eb6 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   else
     eos = eos + 1;
   /* Check length. */
-  if (strlen(desc) > REND_DESC_MAX_SIZE) {
+  if (eos-desc > REND_DESC_MAX_SIZE) {
     /* XXX023 If we are parsing this descriptor as a server, this
      * should be a protocol warning. */
     log_warn(LD_REND, "Descriptor length is %i which exceeds "
              "maximum rendezvous descriptor size of %i bytes.",
-             (int)strlen(desc), REND_DESC_MAX_SIZE);
+             (int)(eos-desc), REND_DESC_MAX_SIZE);
     goto err;
   }
   /* Tokenize descriptor. */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits