Fix a valgrind-located memory stomp. Bugfix on 0.2.1.6-alpha.

svn:r17667
author: Nick Mathewson <nickm@torproject.org> 2008-12-18 04:27:23 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-12-18 04:27:23 +0000
commit: 676175103de747085d02a647fc200f77cb0f4260 (patch)
tree: 697422330ba1cc19ed32d43e090d1e354e1e802a
parent: 5c235cb5ecf83a89ff6c9f514d1d8618043b39e7 (diff)
download: tor-676175103de747085d02a647fc200f77cb0f4260.tar.gz
tor-676175103de747085d02a647fc200f77cb0f4260.zip
2 files changed, 14 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index ff5b73d3b5..3a5ef2b17b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,8 @@ Changes in version 0.2.1.9-alpha - 2008-12-2?
       the client never closes the circuit, then the exit relay never
       closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
       reported by "wood".
+    - Avoid a possible memory corruption bug when receiving hidden service
+      descriptors.  Bugfix on 0.2.1.6-alpha.
 
   o Minor features:
     - Give a better error message when an overzealous init script says
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 7964185fce..050397532a 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -402,14 +402,19 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
   lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
 
   /* Encode descriptor cookie for logging purposes. */
-  if (rend_query->auth_type != REND_NO_AUTH &&
-      base64_encode(descriptor_cookie_base64, 3*REND_DESC_COOKIE_LEN_BASE64,
-                    rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
-    log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
-    return 0;
+  if (rend_query->auth_type != REND_NO_AUTH) {
+    if (base64_encode(descriptor_cookie_base64,
+                      sizeof(descriptor_cookie_base64),
+                      rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
+      log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
+      return 0;
+    }
+    /* Remove == signs and newline. */
+    descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
+  } else {
+    strlcpy(descriptor_cookie_base64, "(none)",
+            sizeof(descriptor_cookie_base64));
   }
-  /* Remove == signs and newline. */
-  descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
 
   /* Send fetch request. (Pass query and possibly descriptor cookie so that
    * they can be written to the directory connection and be referred to when
author	Nick Mathewson <nickm@torproject.org>	2008-12-18 04:27:23 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-12-18 04:27:23 +0000
commit	676175103de747085d02a647fc200f77cb0f4260 (patch)
tree	697422330ba1cc19ed32d43e090d1e354e1e802a
parent	5c235cb5ecf83a89ff6c9f514d1d8618043b39e7 (diff)
download	tor-676175103de747085d02a647fc200f77cb0f4260.tar.gz tor-676175103de747085d02a647fc200f77cb0f4260.zip