diff options
author | Nick Mathewson <nickm@torproject.org> | 2008-02-20 16:57:39 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-02-20 16:57:39 +0000 |
commit | cefe0a1959bb62fb36170dc3ff8c15b9971bb822 (patch) | |
tree | 2e47bfe6783aefbb687e99c524ab39f3c0f1fe9e | |
parent | 1c8bd320beed5379ab3b755d41cb2fd051858a67 (diff) | |
download | tor-cefe0a1959bb62fb36170dc3ff8c15b9971bb822.tar.gz tor-cefe0a1959bb62fb36170dc3ff8c15b9971bb822.zip |
r18255@catbus: nickm | 2008-02-20 11:44:55 -0500
Add asserts and refactor some comparisons in order to fix some veracode-identified issues. Note a bug in buffers.c
svn:r13618
-rw-r--r-- | src/or/buffers.c | 6 | ||||
-rw-r--r-- | src/or/dirvote.c | 5 | ||||
-rw-r--r-- | src/or/routerparse.c | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index f67f44cb6a..13fda0fb55 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1019,8 +1019,10 @@ static int buf_find_pos_of_char(char ch, buf_pos_t *out) { const chunk_t *chunk; - int offset = 0; - int pos = out->pos; + int offset = 0; /*XXXX020 should this be pos_absolute? Otherwise, bug. */ + int pos; + tor_assert(out && out->chunk && out->pos < (int)out->chunk->datalen); + pos = out->pos; for (chunk = out->chunk; chunk; chunk = chunk->next) { char *cp = memchr(chunk->data+pos, ch, chunk->datalen-pos); if (cp) { diff --git a/src/or/dirvote.c b/src/or/dirvote.c index e2ff5723ac..1455418a88 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -1787,16 +1787,17 @@ dirvote_add_signatures_to_pending_consensus( char *new_detached = networkstatus_get_detached_signatures(pending_consensus); const char *src; - char *dst; + char *dst, *dst_end; size_t new_consensus_len = strlen(pending_consensus_body) + strlen(new_detached) + 1; pending_consensus_body = tor_realloc(pending_consensus_body, new_consensus_len); + dst_end = pending_consensus_body + new_consensus_len; dst = strstr(pending_consensus_body, "directory-signature "); tor_assert(dst); src = strstr(new_detached, "directory-signature "); tor_assert(src); - strlcpy(dst, src, new_consensus_len - (dst-pending_consensus_body)); + strlcpy(dst, src, dst_end-dst); /* We remove this block once it has failed to crash for a while. But * unless it shows up in profiles, we're probably better leaving it in, diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 123ea32bc1..2a897f55cc 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2704,6 +2704,7 @@ get_next_token(const char **s, const char *eos, token_rule_t *table) /* Set *s to first token, eol to end-of-line, next to after first token */ *s = eat_whitespace_eos(*s, eos); /* eat multi-line whitespace */ + tor_assert(eos >= *s); eol = memchr(*s, '\n', eos-*s); if (!eol) eol = eos; @@ -2775,11 +2776,13 @@ get_next_token(const char **s, const char *eos, token_rule_t *table) /* Check whether there's an object present */ *s = eat_whitespace_eos(eol, eos); /* Scan from end of first line */ + tor_assert(eos >= *s); eol = memchr(*s, '\n', eos-*s); if (!eol || eol-*s<11 || strcmpstart(*s, "-----BEGIN ")) /* No object. */ goto check_object; obstart = *s; /* Set obstart to start of object spec */ + tor_assert(eol >= (*s+16)); if (*s+11 >= eol-5 || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */ strcmp_len(eol-5, "-----", 5)) { /* nuls or invalid endings */ RET_ERR("Malformed object: bad begin line"); @@ -2793,6 +2796,7 @@ get_next_token(const char **s, const char *eos, token_rule_t *table) if (!next) { RET_ERR("Malformed object: missing object end line"); } + tor_assert(eos >= next); eol = memchr(next, '\n', eos-next); if (!eol) /* end-of-line marker, or eos if there's no '\n' */ eol = eos; |