[or-cvs] r13635: Fix a bug that kept buf_find_string_offset from finding a st (in tor/trunk: . src/or)
Author: nickm
Date: 2008-02-20 21:10:38 -0500 (Wed, 20 Feb 2008)
New Revision: 13635
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/buffers.c
tor/trunk/src/or/test.c
Log:
r18286@catbus: nickm | 2008-02-20 21:10:33 -0500
Fix a bug that kept buf_find_string_offset from finding a string at the very end of the buffer. Add a unit test for this. Also, do not save a pointer to a chunk that might get reallocated by buf_pullup().
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r18286] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-02-20 23:58:48 UTC (rev 13634)
+++ tor/trunk/ChangeLog 2008-02-21 02:10:38 UTC (rev 13635)
@@ -19,6 +19,7 @@
0.2.0.x
- Fix code used to find strings within buffers, when those strings
are not in the first chunk of the buffer.
+ - Fix potential segfault when parsing HTTP headers. Bugfix on 0.2.0.x.
o Minor features (performance):
- Tune parameters for cell pool allocation to minimize amount of
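Review bot: The added entry "Fix potential segfault when parsing HTTP headers" does not say what triggered the crash. The commit log attributes it to a pointer saved before buf_pullup() could reallocate the chunk, and a short mention of that would help anyone triaging a crash report. The end-of-buffer matching fix from the same commit has no entry of its own; if the existing "find strings within buffers" item is meant to cover it, extend that item's wording to say so.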
Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c 2008-02-20 23:58:48 UTC (rev 13634)
+++ tor/trunk/src/or/buffers.c 2008-02-21 02:10:38 UTC (rev 13635)
@@ -1072,18 +1072,24 @@
buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n)
{
buf_pos_t p;
+ if (!n)
+ return 1;
+
memcpy(&p, pos, sizeof(p));
- while (n) {
+ while (1) {
char ch = p.chunk->data[p.pos];
if (ch != *s)
return 0;
++s;
- --n;
+ /* If we're out of characters that don't match, we match. Check this
+ * _before_ we test incrementing pos, in case we're at the end of the
+ * string. */
+ if (--n == 0)
+ return 1;
if (buf_pos_inc(&p)<0)
return 0;
}
- return 1;
}
/** Return the first position in <b>buf</b> at which the <b>n</b>-character
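Review bot: In buf_matches_at_pos(), the rewritten loop reads p.chunk->data[p.pos] on its first pass before anything checks that pos refers to a readable byte, so the function depends on the caller never passing a position at or past the end of the data. State that precondition in the function's doc comment or assert it at the top. The new comment "If we're out of characters that don't match, we match" is also hard to parse; "If we have matched all n characters, succeed" says the same thing directly.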
@@ -1137,7 +1143,6 @@
if (!buf->head)
return 0;
- headers = buf->head->data;
crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4);
if (crlf_offset > (int)max_headerlen ||
(crlf_offset < 0 && buf->datalen > max_headerlen)) {
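Review bot: With "headers = buf->head->data;" removed here, headers has no value until the assignment added after buf_pullup(), and the body of the if that follows the crlf_offset check is not visible in this hunk. Confirm that neither that branch nor anything else before the new assignment reads headers, and consider initializing it to NULL at its declaration so a stray early use fails predictably.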
@@ -1153,6 +1158,7 @@
buf_pullup(buf, crlf_offset+4, 0);
headerlen = crlf_offset + 4;
+ headers = buf->head->data;
bodylen = buf->datalen - headerlen;
log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);
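Review bot: The new "headers = buf->head->data;" line is only correct because it follows buf_pullup(), yet nothing at this spot says so. Add a one-line comment that buf_pullup() may reallocate the head chunk and that pointers into it must be taken afterwards, so a later cleanup does not hoist the assignment back above the call.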
Modified: tor/trunk/src/or/test.c
===================================================================
--- tor/trunk/src/or/test.c 2008-02-20 23:58:48 UTC (rev 13634)
+++ tor/trunk/src/or/test.c 2008-02-21 02:10:38 UTC (rev 13635)
@@ -267,6 +267,7 @@
test_eq(39, buf_find_string_offset(buf, "ing str", 7));
test_eq(35, buf_find_string_offset(buf, "Testing str", 11));
test_eq(32, buf_find_string_offset(buf, "ng ", 3));
+ test_eq(43, buf_find_string_offset(buf, "string.", 7));
test_eq(-1, buf_find_string_offset(buf, "shrdlu", 6));
test_eq(-1, buf_find_string_offset(buf, "Testing thing", 13));
test_eq(-1, buf_find_string_offset(buf, "ngx", 3));
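Review bot: The added test_eq(43, ...) case covers a match ending at the last byte of the buffer, but the other two changes in this commit are untested here: the new "if (!n) return 1;" early return and the move of the headers assignment after buf_pullup(). A zero-length search case and a header-parsing test whose headers span more than one chunk would cover them.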