[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/release-0.2.1] catch another overlong malloc possibility. found by cypherpunks
commit 1f3b4420233e83ef160ac41398827994ec7ae152
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sat Jan 15 10:42:11 2011 -0500
catch another overlong malloc possibility. found by cypherpunks
---
src/or/routerparse.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 070c61b..3aaefec 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3105,7 +3105,8 @@ get_next_token(memarea_t *area,
obstart = *s; /* Set obstart to start of object spec */
if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */
- strcmp_len(eol-5, "-----", 5)) { /* nuls or invalid endings */
+ strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */
+ (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */
RET_ERR("Malformed object: bad begin line");
}
tok->object_type = STRNDUP(*s+11, eol-*s-16);