diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-07-01 12:56:40 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-07-01 12:56:40 -0400 |
| commit | 734e860d98e1874dcd92e69051806e53205ee0b0 (patch) | |
| tree | 61f31b749be3aabf788a3a8b44d6383ed4e442ac | |
| parent | 0b536469ee8a6d437cd939cbcdaa56039e27cdcb (diff) | |
| parent | 06f0c1aa6a4ad0a6dfc93b1637214c307feed566 (diff) | |
| download | tor-734e860d98e1874dcd92e69051806e53205ee0b0.tar.gz tor-734e860d98e1874dcd92e69051806e53205ee0b0.zip | |
Merge remote-tracking branch 'origin/maint-0.2.2'
| -rw-r--r-- | changes/cid_428 | 5 | ||||
| -rw-r--r-- | changes/cid_450 | 5 | ||||
| -rw-r--r-- | changes/memleak_rendcache | 4 | ||||
| -rw-r--r-- | src/common/compat.c | 16 | ||||
| -rw-r--r-- | src/or/connection.c | 8 | ||||
| -rw-r--r-- | src/or/dirserv.c | 2 | ||||
| -rw-r--r-- | src/or/rendcommon.c | 1 |
7 files changed, 37 insertions, 4 deletions
diff --git a/changes/cid_428 b/changes/cid_428 new file mode 100644 index 0000000000..cb0fc8c2b2 --- /dev/null +++ b/changes/cid_428 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Always NUL-terminate the sun_path field of a sockaddr_un before + passing it to the kernel. (Not a security issue: kernels are + smart enough to reject bad sockaddr_uns.) Found by Coverity; CID + # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/changes/cid_450 b/changes/cid_450 new file mode 100644 index 0000000000..2045fca239 --- /dev/null +++ b/changes/cid_450 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Don't stack-allocate the list of supplementary GIDs when we're + about to log them. Stack-allocating NGROUPS_MAX gid_t elements + could take up to 256K, which is way too much stack. Found by + Coverity; CID #450. Bugfix on 0.2.1.7-alpha. diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache new file mode 100644 index 0000000000..93b1f6141b --- /dev/null +++ b/changes/memleak_rendcache @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fix a memory leak when receiving a descriptor for a hidden + service we didn't ask for. Found by Coverity; CID#30. Bugfix on + 0.2.2.26-beta. diff --git a/src/common/compat.c b/src/common/compat.c index 83cf0322d9..330c432284 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1280,7 +1280,8 @@ log_credential_status(void) /* Read, effective and saved GIDs */ gid_t rgid, egid, sgid; /* Supplementary groups */ - gid_t sup_gids[NGROUPS_MAX + 1]; + gid_t *sup_gids = NULL; + int sup_gids_size; /* Number of supplementary groups */ int ngids; @@ -1326,9 +1327,19 @@ log_credential_status(void) #endif /* log supplementary groups */ - if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) { + sup_gids_size = 64; + sup_gids = tor_malloc(sizeof(gid_t) * 64); + while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 && + errno == EINVAL && + sup_gids_size < NGROUPS_MAX) { + sup_gids_size *= 2; + sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size); + } + + if (ngids < 0) { log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s", strerror(errno)); + tor_free(sup_gids); return -1; } else { int i, retval = 0; @@ -1358,6 +1369,7 @@ log_credential_status(void) tor_free(cp); }); smartlist_free(elts); + tor_free(sup_gids); return retval; } diff --git a/src/or/connection.c b/src/or/connection.c index ec43577dfa..e8969e09fc 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -854,7 +854,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address, sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un)); sockaddr->sun_family = AF_UNIX; - strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)); + if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)) + >= sizeof(sockaddr->sun_path)) { + log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.", + escaped(listenaddress)); + tor_free(sockaddr); + return NULL; + } if (readable_address) *readable_address = tor_strdup(listenaddress); diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 33796fc2de..0ea1ef6489 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2440,7 +2440,7 @@ measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line) tor_free(line); return -1; } - strncpy(out->node_hex, cp, sizeof(out->node_hex)); + strlcpy(out->node_hex, cp, sizeof(out->node_hex)); got_node_id=1; } } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state))); diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index e81510a9cd..94bb002210 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1040,6 +1040,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published, log_warn(LD_REND, "Received service descriptor for service ID %s; " "expected descriptor for service ID %s.", query, safe_str(service_id)); + rend_service_descriptor_free(parsed); return -2; } now = time(NULL); |