Add fix for remote-crash bug.

svn:r2447
author: Nick Mathewson <nickm@torproject.org> 2004-10-12 18:38:36 +0000
committer: Nick Mathewson <nickm@torproject.org> 2004-10-12 18:38:36 +0000
commit: f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca (patch)
tree: e5e570e067f4a9adeee8e978ff18bcf1b9f27ab0
parent: 578a3e25e54e5fe318bd7e9654d63cec5c33bcfe (diff)
download: tor-f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca.tar.gz
tor-f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 7d5153ad5e..89dc0fc6b0 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -381,6 +381,10 @@ int fetch_from_buf_http(buf_t *buf,
   p = strstr(headers, CONTENT_LENGTH);
   if (p) {
     contentlen = atoi(p+strlen(CONTENT_LENGTH));
+    if (contentlen < 0) {
+      log_fn(LOG_WARN, "Content-Length is less than zero; it looks like someone is trying to crash us.");
+      return -1;
+    }
     /* if content-length is malformed, then our body length is 0. fine. */
     log_fn(LOG_DEBUG,"Got a contentlen of %d.",contentlen);
     if(bodylen < contentlen) {
author	Nick Mathewson <nickm@torproject.org>	2004-10-12 18:38:36 +0000
committer	Nick Mathewson <nickm@torproject.org>	2004-10-12 18:38:36 +0000
commit	f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca (patch)
tree	e5e570e067f4a9adeee8e978ff18bcf1b9f27ab0
parent	578a3e25e54e5fe318bd7e9654d63cec5c33bcfe (diff)
download	tor-f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca.tar.gz tor-f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca.zip