
[or-cvs] r17667: {tor} Fix a valgrind-located memory stomp. Bugfix on 0.2.1.6-alpha (in tor/trunk: . src/or)



Author: nickm
Date: 2008-12-17 23:27:23 -0500 (Wed, 17 Dec 2008)
New Revision: 17667

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/rendclient.c
Log:
Fix a valgrind-located memory stomp.  Bugfix on 0.2.1.6-alpha.

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-12-18 00:17:46 UTC (rev 17666)
+++ tor/trunk/ChangeLog	2008-12-18 04:27:23 UTC (rev 17667)
@@ -15,6 +15,8 @@
       the client never closes the circuit, then the exit relay never
       closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
       reported by "wood".
+    - Avoid a possible memory corruption bug when receiving hidden service
+      descriptors.  Bugfix on 0.2.1.6-alpha.
 
   o Minor features:
     - Give a better error message when an overzealous init script says
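Review bot: The new entry says the corruption can occur "when receiving hidden service descriptors", but the only code change in this revision is in rendclient.c, just above the "Send fetch request" step, so "when fetching" looks like the more accurate wording. It would also help to name the affected case: in the old code the `strlen(...)-3` truncation ran even when `auth_type` was `REND_NO_AUTH` and no cookie had been encoded into the buffer, so the entry could say the bug affects requests made without client authorization.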

Modified: tor/trunk/src/or/rendclient.c
===================================================================
--- tor/trunk/src/or/rendclient.c	2008-12-18 00:17:46 UTC (rev 17666)
+++ tor/trunk/src/or/rendclient.c	2008-12-18 04:27:23 UTC (rev 17667)
@@ -402,14 +402,19 @@
   lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
 
   /* Encode descriptor cookie for logging purposes. */
-  if (rend_query->auth_type != REND_NO_AUTH &&
-      base64_encode(descriptor_cookie_base64, 3*REND_DESC_COOKIE_LEN_BASE64,
-                    rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
-    log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
-    return 0;
+  if (rend_query->auth_type != REND_NO_AUTH) {
+    if (base64_encode(descriptor_cookie_base64,
+                      sizeof(descriptor_cookie_base64),
+                      rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
+      log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
+      return 0;
+    }
+    /* Remove == signs and newline. */
+    descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
+  } else {
+    strlcpy(descriptor_cookie_base64, "(none)",
+            sizeof(descriptor_cookie_base64));
   }
-  /* Remove == signs and newline. */
-  descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
 
   /* Send fetch request. (Pass query and possibly descriptor cookie so that
    * they can be written to the directory connection and be referred to when
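Review bot: The truncation `descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';` in the new auth branch is still unchecked. It assumes the encoder output is at least three bytes long and ends in exactly "==" plus a newline. If `REND_DESC_COOKIE_LEN` or the encoder's padding or line-ending behaviour ever changes, the write lands on the wrong byte or the index underflows. Consider guarding it with a length check such as `tor_assert(strlen(descriptor_cookie_base64) >= 3)`, or stripping trailing '=' and '\n' characters explicitly instead of using a fixed offset. Separately, `sizeof(descriptor_cookie_base64)` is only the buffer size if that variable is a local array rather than a pointer. The declaration is outside this hunk, so it is worth confirming, and worth a short comment at the declaration saying the buffer must stay an array.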