authorNick Mathewson <nickm@torproject.org>2015-03-03 22:20:17 +0100
committerNick Mathewson <nickm@torproject.org>2015-03-03 22:21:41 +0100
commit71ee53fe9bdf3f64eef9b38de55960185e8be1b5 (patch)
treea01954a70c9b29b00f7da248fe178951e3c3f759
parentc3f8f5ab0e74db2269d55ff51a0918a41b374fc6 (diff)
Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'
-rw-r--r--changes/bug150836
-rw-r--r--src/or/buffers.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug15083 b/changes/bug15083
new file mode 100644
index 0000000000..98d1d0e535
--- /dev/null
+++ b/changes/bug15083
@@ -0,0 +1,6 @@
+ o Major bugfixes (relay, stability):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed
+ to buf_pullup() at exactly the wrong time. Fixes bug 15083;
+ bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
+
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 9be0476f64..7976432793 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -426,7 +426,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
size_t n = bytes - dest->datalen;
src = dest->next;
tor_assert(src);
- if (n > src->datalen) {
+ if (n >= src->datalen) {
memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
dest->datalen += src->datalen;
dest->next = src->next;
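Review bot: The boundary condition at `if (n >= src->datalen) {` has no comment saying why it must be `>=`, so a later cleanup could turn it back into `>` without noticing. When n equals src->datalen the whole chunk is consumed and has to take the unlink path shown here (`dest->next = src->next;`); otherwise, per the changes entry, a relay can hit an assertion failure and crash. I would add a comment above the test such as `/* >= (not >): consuming exactly src->datalen bytes must unlink src; a zero-length chunk left in the list trips an assertion later (bug 15083). */`. The diffstat lists only changes/bug15083 and src/or/buffers.c, so no regression test accompanies the fix; a unit test that calls buf_pullup() with `bytes` landing exactly on a chunk boundary would pin this case. The rest of this branch and of buf_pullup() lies outside the hunk, so the cleanup of `src` after unlinking cannot be checked from here.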