[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r8314: backport 8310 to 0.1.1, because of possible (minor) security (in tor/branches/tor-0_1_1-patches: . src/common src/or)



Author: nickm
Date: 2006-08-31 15:11:14 -0400 (Thu, 31 Aug 2006)
New Revision: 8314

Modified:
   tor/branches/tor-0_1_1-patches/ChangeLog
   tor/branches/tor-0_1_1-patches/src/common/compat.h
   tor/branches/tor-0_1_1-patches/src/common/util.c
   tor/branches/tor-0_1_1-patches/src/or/config.c
   tor/branches/tor-0_1_1-patches/src/or/routerparse.c
Log:
backport 8310 to 0.1.1, because of possible (minor) security implications on netbsd.

Modified: tor/branches/tor-0_1_1-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_1-patches/ChangeLog	2006-08-31 18:52:05 UTC (rev 8313)
+++ tor/branches/tor-0_1_1-patches/ChangeLog	2006-08-31 19:11:14 UTC (rev 8314)
@@ -12,8 +12,10 @@
     - Fix configure.in to not produce broken configure files with
       more recent versions of autoconf. Thanks to Clint for his auto*
       voodoo.
+    - Fix NetBSD bug that could allow someone to force uninitialized RAM
+      to be sent to a server's DNS resolver.  This only effects NetBSD and
+      other platforms that that do not bounds-check tolower().
 
-
 Changes in version 0.1.1.23 - 2006-07-30
   o Major bugfixes:
     - Fast Tor servers, especially exit nodes, were triggering asserts

Modified: tor/branches/tor-0_1_1-patches/src/common/compat.h
===================================================================
--- tor/branches/tor-0_1_1-patches/src/common/compat.h	2006-08-31 18:52:05 UTC (rev 8313)
+++ tor/branches/tor-0_1_1-patches/src/common/compat.h	2006-08-31 19:11:14 UTC (rev 8314)
@@ -115,6 +115,9 @@
 #define TOR_ISDIGIT(c)   isdigit((int)(unsigned char)(c))
 #define TOR_ISPRINT(c)   isprint((int)(unsigned char)(c))
 
+#define TOR_TOLOWER(c)   (char)tolower((int)(unsigned char)(c))
+#define TOR_TOUPPER(c)   (char)toupper((int)(unsigned char)(c))
+
 #ifdef MS_WINDOWS
 #define _SHORT_FILE_ (tor_fix_source_file(__FILE__))
 const char *tor_fix_source_file(const char *fname);

Modified: tor/branches/tor-0_1_1-patches/src/common/util.c
===================================================================
--- tor/branches/tor-0_1_1-patches/src/common/util.c	2006-08-31 18:52:05 UTC (rev 8313)
+++ tor/branches/tor-0_1_1-patches/src/common/util.c	2006-08-31 19:11:14 UTC (rev 8314)
@@ -316,7 +316,7 @@
 tor_strlower(char *s)
 {
   while (*s) {
-    *s = tolower(*s);
+    *s = TOR_TOLOWER(*s);
     ++s;
   }
 }
@@ -327,7 +327,7 @@
 tor_strupper(char *s)
 {
   while (*s) {
-    *s = toupper(*s);
+    *s = TOR_TOUPPER(*s);
     ++s;
   }
 }

Modified: tor/branches/tor-0_1_1-patches/src/or/config.c
===================================================================
--- tor/branches/tor-0_1_1-patches/src/or/config.c	2006-08-31 18:52:05 UTC (rev 8313)
+++ tor/branches/tor-0_1_1-patches/src/or/config.c	2006-08-31 19:11:14 UTC (rev 8314)
@@ -1712,7 +1712,7 @@
       *cp = '\0';
       break;
     }
-    *cp = tolower(*cp);
+    *cp = TOR_TOLOWER(*cp);
   }
 
   /* Strip invalid characters. */

Modified: tor/branches/tor-0_1_1-patches/src/or/routerparse.c
===================================================================
--- tor/branches/tor-0_1_1-patches/src/or/routerparse.c	2006-08-31 18:52:05 UTC (rev 8313)
+++ tor/branches/tor-0_1_1-patches/src/or/routerparse.c	2006-08-31 19:11:14 UTC (rev 8314)
@@ -1275,7 +1275,7 @@
   len = strlen(s);
   cp = tmp = tor_malloc(len+2);
   for (idx = 0; idx < len; ++idx) {
-    tmp[idx] = tolower(s[idx]);
+    tmp[idx] = TOR_TOLOWER(s[idx]);
   }
   tmp[len]='\n';
   tmp[len+1]='\0';