diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-03-03 22:20:17 +0100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-03-03 22:21:41 +0100 |
| commit | 71ee53fe9bdf3f64eef9b38de55960185e8be1b5 (patch) | |
| tree | a01954a70c9b29b00f7da248fe178951e3c3f759 | |
| parent | c3f8f5ab0e74db2269d55ff51a0918a41b374fc6 (diff) | |
| download | tor-71ee53fe9bdf3f64eef9b38de55960185e8be1b5.tar.gz tor-71ee53fe9bdf3f64eef9b38de55960185e8be1b5.zip | |
Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.
Patch from 'cypherpunks'
| -rw-r--r-- | changes/bug15083 | 6 | ||||
| -rw-r--r-- | src/or/buffers.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug15083 b/changes/bug15083 new file mode 100644 index 0000000000..98d1d0e535 --- /dev/null +++ b/changes/bug15083 @@ -0,0 +1,6 @@ + o Major bugfixes (relay, stability): + - Fix a bug that could lead to a relay crashing with an assertion + failure if a buffer of exactly the wrong layout was passed + to buf_pullup() at exactly the wrong time. Fixes bug 15083; + bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. + diff --git a/src/or/buffers.c b/src/or/buffers.c index 9be0476f64..7976432793 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -426,7 +426,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate) size_t n = bytes - dest->datalen; src = dest->next; tor_assert(src); - if (n > src->datalen) { + if (n >= src->datalen) { memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen); dest->datalen += src->datalen; dest->next = src->next; |