[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Backport fix for remote-crash bug
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv4500/src/or
Modified Files:
Tag: tor-0_0_8-patches
buffers.c
Log Message:
Backport fix for remote-crash bug
Index: buffers.c
===================================================================
RCS file: /home/or/cvsroot/src/or/buffers.c,v
retrieving revision 1.103
retrieving revision 1.103.2.1
diff -u -d -r1.103 -r1.103.2.1
--- buffers.c 7 Aug 2004 09:01:04 -0000 1.103
+++ buffers.c 12 Oct 2004 18:39:32 -0000 1.103.2.1
@@ -381,6 +381,10 @@
p = strstr(headers, CONTENT_LENGTH);
if (p) {
contentlen = atoi(p+strlen(CONTENT_LENGTH));
+ if (contentlen < 0) {
+ log_fn(LOG_WARN, "Content-Length is less than zero; it looks like someone is trying to crash us.");
+ return -1;
+ }
/* if content-length is malformed, then our body length is 0. fine. */
log_fn(LOG_DEBUG,"Got a contentlen of %d.",contentlen);
if(bodylen < contentlen) {