authorNick Mathewson <nickm@torproject.org>2008-10-29 13:29:54 +0000
committerNick Mathewson <nickm@torproject.org>2008-10-29 13:29:54 +0000
commit361086005ca70d8acce55f140a701b0b3a90e48c (patch)
tree7480722572a297678604137294ddd10cab78233b
parentaccb4a680f318a225f51b047014e2c5a3671aa6f (diff)
Fix a possible negative shift in address comparison. May fix bug 845 and bug 811
svn:r17169
-rw-r--r--ChangeLog2
-rw-r--r--src/common/address.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f854b76fa8..823dba958b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,8 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx
prevent possible guess-the-streamid injection attacks from
intermediate hops. Fixes another case of bug 446. Based on patch
from rovv.
+ - Avoid using a negative right-shift when comparing 32-bit
+ addresses. Possible fix for bug 845 and bug 811.
Changes in version 0.2.1.6-alpha - 2008-09-30
diff --git a/src/common/address.c b/src/common/address.c
index 2a2924a756..d6b64828c1 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -686,6 +686,8 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
case AF_INET: {
uint32_t a1 = ntohl(addr1->addr.in_addr.s_addr);
uint32_t a2 = ntohl(addr2->addr.in_addr.s_addr);
+ if (mbits > 32)
+ mbits = 32;
a1 >>= (32-mbits);
a2 >>= (32-mbits);
return (a1 < a2) ? -1 : (a1 == a2) ? 0 : 1;
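Review bot: The clamp added before `a1 >>= (32-mbits)` covers `mbits > 32`, but `mbits == 0` still makes the shift count 32, which is undefined behaviour on a `uint32_t` (the count equals the type width) and on common hardware leaves the value unshifted instead of zeroing it. A zero-length mask should compare equal for every pair of addresses, so I would add `if (mbits == 0) return 0;` ahead of the clamp. The declaration of `mbits` is outside the hunk; if it is a signed type, use `if (mbits <= 0) return 0;` so a negative value cannot produce a count above 32 either. A short comment such as `/* shift count must stay in 0..31 */` would record why both guards exist. The `case AF_INET` block and the rest of tor_addr_compare_masked start and end outside this hunk.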