diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2009-09-26 15:41:52 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2009-09-27 12:02:02 -0400 |
| commit | 6a68b5059710d96767a7c7c7acd6a1e0bc933874 (patch) | |
| tree | 81411b81cafab562aa2d6e6f7d99ce025f425935 | |
| parent | a4d6d83051afe7a3018882e989b0efaa9b1c7908 (diff) | |
| download | tor-6a68b5059710d96767a7c7c7acd6a1e0bc933874.tar.gz tor-6a68b5059710d96767a7c7c7acd6a1e0bc933874.zip | |
Make sure we can't overflow in connection_ap_handshake_send_resolve
Found by Coverity
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 3 |
2 files changed, 4 insertions, 1 deletions
@@ -19,6 +19,8 @@ Changes in version 0.2.2.4-alpha - 2009-??-?? on 0.2.2.1-alpha. - Fix two memory leaks in the error case of circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha. + - Make it explicit that we can't overflow in + connection_ap_handshake_send_resolve. Bugfix on 0.0.7.1-1. Changes in version 0.2.2.3-alpha - 2009-09-23 o Major bugfixes: diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index f25202725e..0e6297a50a 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2156,8 +2156,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn) tor_assert(payload_len <= (int)sizeof(inaddr_buf)); } - if (payload_len > RELAY_PAYLOAD_SIZE) { + if (payload_len > MAX_SOCKS_ADDR_LEN) { /* This should be impossible: we don't accept addresses this big. */ + /* XXX Should we log a bug here? */ connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL); return -1; } |