[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] fix integer underflow in tor_vsnprintf()

To: or-cvs@freehaven.net
Subject: [or-cvs] fix integer underflow in tor_vsnprintf()
From: arma@seul.org (Roger Dingledine)
Date: Mon, 29 Nov 2004 01:49:06 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Mon, 29 Nov 2004 01:49:25 -0500
Reply-to: or-dev@freehaven.net
Sender: owner-or-cvs@freehaven.net

Update of /home2/or/cvsroot/tor/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/src/common

Modified Files:
	compat.c 
Log Message:
fix integer underflow in tor_vsnprintf()
(probably exploitable)


Index: compat.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/common/compat.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- compat.c	28 Nov 2004 09:05:45 -0000	1.15
+++ compat.c	29 Nov 2004 06:49:04 -0000	1.16
@@ -90,12 +90,14 @@
   return r;
 }
 
-/** Replacement for vsnpritnf; behavior differs as tor_snprintf differs from
+/** Replacement for vsnprintf; behavior differs as tor_snprintf differs from
  * snprintf.
  */
 int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
 {
   int r;
+  if (size == 0)
+    return -1; /* no place for the NUL */
 #ifdef MS_WINDOWS
   r = _vsnprintf(str, size, format, args);
 #else

Prev by Author: [or-cvs] prevent integer underflow
Next by Author: [or-cvs] put in initial support for ".nickname.exit" addresses, to l...
Previous by thread: [or-cvs] prevent integer underflow
Next by thread: [or-cvs] Disallow NDEBUG. It is very stupid.
Index(es):
- Author
- Thread