[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Better bounds checking on parsed ints

Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv6190/src/or

Modified Files:
	rendservice.c routerparse.c 
Log Message:
Better bounds checking on parsed ints

Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- rendservice.c	12 Oct 2004 15:52:09 -0000	1.84
+++ rendservice.c	12 Oct 2004 19:01:53 -0000	1.85
@@ -161,6 +161,10 @@
       log_fn(LOG_WARN, "Unparseable of missing port in hidden service port configuration.");
       return NULL;
     }
+    if (realport < 1 || realport > 65535) {
+      log_fn(LOG_WARN, "Port out of range");
+      return NULL;
+    }
     addr = 0x7F000001u; /* Default to 127.0.0.1 */
   }
 

Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerparse.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -d -r1.48 -r1.49
--- routerparse.c	12 Oct 2004 18:32:34 -0000	1.48
+++ routerparse.c	12 Oct 2004 19:01:53 -0000	1.49
@@ -1053,6 +1053,10 @@
     bits = (int) strtol(mask, &endptr, 10);
     if (!*endptr) {
       /* strtol handled the whole mask. */
+      if (bits < 0 || bits > 32) {
+        log_fn(LOG_WARN, "Bad number of mask bits on exit policy; rejecting.");
+        goto policy_read_failed;
+      }
       newe->msk = ~((1<<(32-bits))-1);
     } else if (tor_inet_aton(mask, &in) != 0) {
       newe->msk = ntohl(in.s_addr);
@@ -1083,6 +1087,10 @@
     } else {
       newe->prt_max = newe->prt_min;
     }
+    if (newe->prt_min > newe->prt_max) {
+      log_fn(LOG_WARN,"Insane port range on exit policy; rejecting.");
+      goto policy_read_failed;
+    }
   }
 
   in.s_addr = htonl(newe->addr);