[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/maint-0.2.2] Correct HS descriptor length check
commit 48bdc2f729cba1a22305f6150d230cf0334ebd55
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon Apr 18 13:53:13 2011 -0700
Correct HS descriptor length check
Fixes bug 2948.
---
changes/bug2948 | 7 +++++++
src/or/routerparse.c | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/changes/bug2948 b/changes/bug2948
new file mode 100644
index 0000000..640ef62
--- /dev/null
+++ b/changes/bug2948
@@ -0,0 +1,7 @@
+ o Minor bugfixes
+ - Only limit the lengths of single HS descriptors, even when
+ multiple HS descriptors are published to an HSDir relay in a
+ single POST operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha.
+ Found by hsdir.
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8456a0a..dd72eb6 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
else
eos = eos + 1;
/* Check length. */
- if (strlen(desc) > REND_DESC_MAX_SIZE) {
+ if (eos-desc > REND_DESC_MAX_SIZE) {
/* XXX023 If we are parsing this descriptor as a server, this
* should be a protocol warning. */
log_warn(LD_REND, "Descriptor length is %i which exceeds "
"maximum rendezvous descriptor size of %i bytes.",
- (int)strlen(desc), REND_DESC_MAX_SIZE);
+ (int)(eos-desc), REND_DESC_MAX_SIZE);
goto err;
}
/* Tokenize descriptor. */
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits