[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [stegotorus/master] Vinod fixed a buf overflow bug in http_server_receive
commit 13527f93876020861ed6dc8701e94fc6beba0d45
Author: Steven Cheung <cheung@xxxxxxxxxxx>
Date: Wed Dec 21 18:51:54 2011 +0000
Vinod fixed a buf overflow bug in http_server_receive
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@188 a58ff0ac-194c-e011-a152-003048836090
---
src/steg/http.cc | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/steg/http.cc b/src/steg/http.cc
index e4bdb0e..47290b0 100644
--- a/src/steg/http.cc
+++ b/src/steg/http.cc
@@ -730,7 +730,7 @@ http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffe
c = 0;
- while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.')) {
+ while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.') && sofar < MAX_COOKIE_SIZE) {
if (!secondhalf)
c = 0;
if ('0' <= *p && *p <= '9')
@@ -751,6 +751,12 @@ http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffe
p++;
}
+
+ if (sofar >= MAX_COOKIE_SIZE) {
+ fprintf(stderr, "cookie buffer overflow\n");
+ exit(-1);
+ }
+
outbuf[sofar] = 0;
if (secondhalf) {
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits