diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-09-07 09:20:00 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-09-07 09:20:00 -0400 |
| commit | 12dad5ebf798232111919d5498f522d5b3f146a5 (patch) | |
| tree | 46672edcf553801c587149abb0a29617b477e0e9 | |
| parent | 9696021593d28a7ae3b6a88ac57ff31234b469f5 (diff) | |
| download | tor-12dad5ebf798232111919d5498f522d5b3f146a5.tar.gz tor-12dad5ebf798232111919d5498f522d5b3f146a5.zip | |
Fix crashes on empty +HSPOST and +POSTDESCRIPTOR commands
Fixes bug 22644; bugfix on 0.2.7.1-alpha and 0.2.0.1-alpha
respectively.
| -rw-r--r-- | changes/bug22644 | 5 | ||||
| -rw-r--r-- | src/or/control.c | 16 |
2 files changed, 17 insertions, 4 deletions
diff --git a/changes/bug22644 b/changes/bug22644 new file mode 100644 index 0000000000..9b8742edaf --- /dev/null +++ b/changes/bug22644 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller): + - Do not crash when receiving a POSTDESCRIPTOR command with an + empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. diff --git a/src/or/control.c b/src/or/control.c index 1bf1e33bbc..03d9fcee2a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3568,12 +3568,15 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len, int cache = 0; /* eventually, we may switch this to 1 */ const char *cp = memchr(body, '\n', len); - smartlist_t *args = smartlist_new(); - tor_assert(cp); + + if (cp == NULL) { + connection_printf_to_buf(conn, "251 Empty body\r\n"); + return 0; + } ++cp; char *cmdline = tor_memdup_nulterm(body, cp-body); - + smartlist_t *args = smartlist_new(); smartlist_split_string(args, cmdline, " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); SMARTLIST_FOREACH_BEGIN(args, char *, option) { @@ -4158,14 +4161,19 @@ handle_control_hspost(control_connection_t *conn, const char *body) { static const char *opt_server = "SERVER="; - smartlist_t *args = smartlist_new(); smartlist_t *hs_dirs = NULL; const char *encoded_desc = body; size_t encoded_desc_len = len; char *cp = memchr(body, '\n', len); + if (cp == NULL) { + connection_printf_to_buf(conn, "251 Empty body\r\n"); + return 0; + } char *argline = tor_strndup(body, cp-body); + smartlist_t *args = smartlist_new(); + /* If any SERVER= options were specified, try parse the options line */ if (!strcasecmpstart(argline, opt_server)) { /* encoded_desc begins after a newline character */ |