[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.2.9] Fix crashes on empty +HSPOST and +POSTDESCRIPTOR commands



commit 12dad5ebf798232111919d5498f522d5b3f146a5
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Sep 7 09:20:00 2017 -0400

    Fix crashes on empty +HSPOST and +POSTDESCRIPTOR commands
    
    Fixes bug 22644; bugfix on 0.2.7.1-alpha and 0.2.0.1-alpha
    respectively.
---
 changes/bug22644 |  5 +++++
 src/or/control.c | 16 ++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/changes/bug22644 b/changes/bug22644
new file mode 100644
index 000000000..9b8742eda
--- /dev/null
+++ b/changes/bug22644
@@ -0,0 +1,5 @@
+  o Minor bugfixes (controller):
+    - Do not crash when receiving a POSTDESCRIPTOR command with an
+      empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+    - Do not crash when receiving a HSPOST command with an empty body.
+      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
diff --git a/src/or/control.c b/src/or/control.c
index 1bf1e33bb..03d9fcee2 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3568,12 +3568,15 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
   int cache = 0; /* eventually, we may switch this to 1 */
 
   const char *cp = memchr(body, '\n', len);
-  smartlist_t *args = smartlist_new();
-  tor_assert(cp);
+
+  if (cp == NULL) {
+    connection_printf_to_buf(conn, "251 Empty body\r\n");
+    return 0;
+  }
   ++cp;
 
   char *cmdline = tor_memdup_nulterm(body, cp-body);
-
+  smartlist_t *args = smartlist_new();
   smartlist_split_string(args, cmdline, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(args, char *, option) {
@@ -4158,14 +4161,19 @@ handle_control_hspost(control_connection_t *conn,
                       const char *body)
 {
   static const char *opt_server = "SERVER=";
-  smartlist_t *args = smartlist_new();
   smartlist_t *hs_dirs = NULL;
   const char *encoded_desc = body;
   size_t encoded_desc_len = len;
 
   char *cp = memchr(body, '\n', len);
+  if (cp == NULL) {
+    connection_printf_to_buf(conn, "251 Empty body\r\n");
+    return 0;
+  }
   char *argline = tor_strndup(body, cp-body);
 
+  smartlist_t *args = smartlist_new();
+
   /* If any SERVER= options were specified, try parse the options line */
   if (!strcasecmpstart(argline, opt_server)) {
     /* encoded_desc begins after a newline character */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits