authorRoger Dingledine <arma@torproject.org>2004-03-14 22:47:11 +0000
committerRoger Dingledine <arma@torproject.org>2004-03-14 22:47:11 +0000
commitfdc5751c606ae0b98bd5f85720171cff3ada94b4 (patch)
tree7bf8b43e1523efecb0e4fe0ff3578d1599408cf9
parent5d41346b6744a0d249e3680d748325e401a9382d (diff)
downloadtor-fdc5751c606ae0b98bd5f85720171cff3ada94b4.tar.gz
tor-fdc5751c606ae0b98bd5f85720171cff3ada94b4.zip
bugfix: address that strcat vulnerability in circuit.c
svn:r1273
-rw-r--r--src/or/circuit.c17
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/dirserv.c2
-rw-r--r--src/or/routerlist.c2
4 files changed, 12 insertions, 13 deletions
diff --git a/src/or/circuit.c b/src/or/circuit.c
index e0e7aa607c..41a58f0953 100644
--- a/src/or/circuit.c
+++ b/src/or/circuit.c
@@ -790,29 +790,28 @@ void circuit_about_to_close_connection(connection_t *conn) {
}
void circuit_log_path(int severity, circuit_t *circ) {
- static char b[1024];
+ char buf[1024];
+ char *s = buf;
struct crypt_path_t *hop;
char *states[] = {"closed", "waiting for keys", "open"};
routerinfo_t *router;
assert(circ->cpath);
- sprintf(b,"circ (length %d, exit %s): ",
+ snprintf(s, sizeof(buf)-1, "circ (length %d, exit %s): ",
circ->build_state->desired_path_len, circ->build_state->chosen_exit);
hop=circ->cpath;
do {
+ s = buf + strlen(buf);
router = router_get_by_addr_port(hop->addr,hop->port);
if(router) {
- /* XXX strcat allows buffer overflow */
- strcat(b,router->nickname);
- strcat(b,"(");
- strcat(b,states[hop->state]);
- strcat(b,"),");
+ snprintf(s, sizeof(buf) - (s - buf), "%s(%s) ",
+ router->nickname, states[hop->state]);
} else {
- strcat(b,"UNKNOWN,");
+ snprintf(s, sizeof(buf) - (s - buf), "UNKNOWN ");
}
hop=hop->next;
} while(hop!=circ->cpath);
- log_fn(severity,"%s",b);
+ log_fn(severity,"%s",buf);
}
static void
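Review bot: The bounds passed to `snprintf` in circuit_log_path are inconsistent and nothing forces termination: the first call passes `sizeof(buf)-1`, the two calls in the loop pass `sizeof(buf) - (s - buf)`, and every return value is ignored while the next iteration trusts `strlen(buf)`. `buf` is now an uninitialised automatic array rather than a zero-filled static one, so if this is ever built against an snprintf that does not NUL-terminate on truncation (some pre-C99 implementations behave this way), `strlen` would read past the end of the stack buffer. I would set `buf[sizeof(buf)-1] = '\0';` once before the first call and pass `sizeof(buf) - 1 - (s - buf)` inside the loop so the last byte is never overwritten. Separately, `states[hop->state]` is still indexed without a range check against the three entries of `states`.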
diff --git a/src/or/config.c b/src/or/config.c
index 4d7787e8d0..e06a22a3fd 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -345,7 +345,7 @@ static void print_usage(void) {
);
}
-int resolve_my_address(or_options_t *options) {
+static int resolve_my_address(or_options_t *options) {
struct in_addr in;
struct hostent *rent;
char localhostname[256];
@@ -377,7 +377,7 @@ int resolve_my_address(or_options_t *options) {
assert(rent->h_length == 4);
memcpy(&in.s_addr, rent->h_addr,rent->h_length);
if(is_internal_IP(in.s_addr)) {
- log_fn(LOG_WARN,"Address '%s' resolves to '%s'. "
+ log_fn(LOG_WARN,"Address '%s' resolves to private IP '%s'. "
"Please set the Address config option to be your public IP.",
options->Address, inet_ntoa(in));
return -1;
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 0da23a7162..a73be17c08 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -341,7 +341,7 @@ list_running_servers(char **nicknames_out)
for (i = 0; i<n; ++i) {
if (i)
strcat(cp, " ");
- strcat(cp, nickname_lst[i]);
+ strcat(cp, nickname_lst[i]); /* can't overflow */
while (*cp)
++cp;
}
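Review bot: The new comment `/* can't overflow */` on `strcat(cp, nickname_lst[i])` asserts an invariant without saying what guarantees it, and the sizing of `cp` is outside this hunk, so a reader cannot check the claim here. I would name the reason in the comment, for example `/* can't overflow: cp was allocated from the summed nickname lengths above */` if that is in fact how it is sized, or back it with an assert on the remaining space. The same bare comment is added to `strcat(newe->string, arg)` in router_add_exit_policy in src/or/routerlist.c, where `arg` appears to come from a parsed directory token, so the justification matters more there. Both function bodies continue outside their hunks.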
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index d5b16b56c1..172ff2069a 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1064,7 +1064,7 @@ router_add_exit_policy(routerinfo_t *router, directory_token_t *tok) {
strcpy(newe->string, "accept ");
newe->policy_type = EXIT_POLICY_ACCEPT;
}
- strcat(newe->string, arg);
+ strcat(newe->string, arg); /* can't overflow */
address = arg;
mask = strchr(arg,'/');