diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-20 15:00:24 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-01-20 15:00:24 -0500 |
| commit | 13e9a2b19d4a65d9761256ac72f754c35c371b0b (patch) | |
| tree | 14b01dda5509908cb38f81759ead07e71190c4df | |
| parent | a793f1f6f2bd7b774e3b001468df4ea72bdeffc4 (diff) | |
| parent | 1471e577432273d51aa13919603a648437d05fea (diff) | |
| download | tor-13e9a2b19d4a65d9761256ac72f754c35c371b0b.tar.gz tor-13e9a2b19d4a65d9761256ac72f754c35c371b0b.zip | |
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
| -rw-r--r-- | changes/policy_summarize-assert | 6 | ||||
| -rw-r--r-- | src/or/policies.c | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/changes/policy_summarize-assert b/changes/policy_summarize-assert new file mode 100644 index 0000000000..619e8e7e42 --- /dev/null +++ b/changes/policy_summarize-assert @@ -0,0 +1,6 @@ + o Major bugfixes (security) + - Fix a bounds-checking error that could allow an attacker to + remotely crash a directory authority. Found by piebeer. + Bugfix on 0.2.1.5-alpha. + + diff --git a/src/or/policies.c b/src/or/policies.c index 6947222b2e..62e048cfc2 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -1243,8 +1243,8 @@ policy_summarize(smartlist_t *policy) accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len); rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len); - if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN && - accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) { + if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 && + accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) { char *c; shorter_str = accepts_str; prefix = "accept"; |