[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Backport fix for remote-crash bug



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv4500/src/or

Modified Files:
      Tag: tor-0_0_8-patches
	buffers.c 
Log Message:
Backport fix for remote-crash bug

Index: buffers.c
===================================================================
RCS file: /home/or/cvsroot/src/or/buffers.c,v
retrieving revision 1.103
retrieving revision 1.103.2.1
diff -u -d -r1.103 -r1.103.2.1
--- buffers.c	7 Aug 2004 09:01:04 -0000	1.103
+++ buffers.c	12 Oct 2004 18:39:32 -0000	1.103.2.1
@@ -381,6 +381,10 @@
   p = strstr(headers, CONTENT_LENGTH);
   if (p) {
     contentlen = atoi(p+strlen(CONTENT_LENGTH));
+    if (contentlen < 0) {
+      log_fn(LOG_WARN, "Content-Length is less than zero; it looks like someone is trying to crash us.");
+      return -1;
+    }
     /* if content-length is malformed, then our body length is 0. fine. */
     log_fn(LOG_DEBUG,"Got a contentlen of %d.",contentlen);
     if(bodylen < contentlen) {