author | Nick Mathewson <nickm@torproject.org> | 2017-04-27 10:59:48 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-04-27 10:59:48 -0400 |
commit | 49deb1e1b810e348bfa9fb27a0f0ef54f3694cc9 (patch) | |
tree | 73aafa22564f22b5f681dac8e3ef302a0f3e422f | |
parent | 199e61feb560e2368d1eec475dd828118754cf71 (diff) | |
Document and test nul-terminating behavior of tor_uncompress()
We added this as a safety feature, but there are a few places in the
code that actually depend on it.
-rw-r--r-- | src/common/compress.c | 6 | ||||
-rw-r--r-- | src/test/test_util.c | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/common/compress.c b/src/common/compress.c index 771f5ab7b6..9a24025db0 100644 --- a/src/common/compress.c +++ b/src/common/compress.c @@ -221,6 +221,12 @@ tor_compress(char **out, size_t *out_len, * *<b>out</b>, and its length in *<b>out_len</b>. Return 0 on success, -1 on * failure. * + * If any bytes are written to <b>out</b>, an extra byte NUL is always + * written at the end, but not counted in <b>out_len</b>. This is a + * safety feature to ensure that the output can be treated as a + * NUL-terminated string -- though of course, callers should check + * out_len anyway. + * * If <b>complete_only</b> is true, we consider a truncated input as a * failure; otherwise we decompress as much as we can. Warn about truncated * or corrupt inputs at <b>protocol_warn_level</b>. diff --git a/src/test/test_util.c b/src/test/test_util.c index 1f37fc3ab5..dec1d526c8 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -2262,6 +2262,7 @@ test_util_compress_impl(compress_method_t method) tt_assert(buf3 != NULL); tt_int_op(strlen(buf1) + 1, OP_EQ, len2); tt_str_op(buf1, OP_EQ, buf3); + tt_int_op(buf3[len2], OP_EQ, 0); /* Check whether we can uncompress concatenated, compressed strings. */ tor_free(buf3); @@ -2273,6 +2274,7 @@ test_util_compress_impl(compress_method_t method) "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0", (strlen(buf1)+1)*2); + tt_int_op(buf3[len2], OP_EQ, 0); /* Check whether we can uncompress partial strings */ @@ -2296,6 +2298,8 @@ test_util_compress_impl(compress_method_t method) tt_int_op(len2, OP_GT, 5); tt_int_op(len2, OP_LE, len1); tt_assert(fast_memeq(buf1, buf3, len2)); + tt_int_op(buf3[len2], OP_EQ, 0); + /* when we demand a complete output, this must fail. */ tor_free(buf3); tt_assert(tor_uncompress(&buf3, &len2, buf2, len1-16, |
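Review bot: The paragraph added to the header comment in src/common/compress.c (for tor_uncompress(), per the commit title) tells callers to check out_len "anyway" without saying why, and its condition "If any bytes are written" leaves the zero-length success case unspecified. Decompressed data can carry embedded NUL bytes, as the test strings in src/test/test_util.c do, so strlen(*out) may be shorter than *out_len; I would add `* The data may itself contain NUL bytes, so use *<b>out_len</b>, not strlen(), as its length.` Whether *out is allocated and terminated when nothing is produced is not visible from this hunk, and since the commit message says some callers depend on the terminator, the comment should state that case explicitly. The comment block starts and ends outside the hunk.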
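Review bot: The three added `tt_int_op(buf3[len2], OP_EQ, 0);` checks in src/test/test_util.c (hunks at 2262, 2274 and 2298) read one byte past the reported length. If the extra NUL were ever dropped, that read becomes a heap over-read which can still pass when the neighbouring byte happens to be zero, so the checks are only dependable in a sanitizer or hardened-allocator build. A short comment at the first one would record this, e.g. `/* reads buf3[len2], the uncounted terminator; a missing one is only caught reliably under ASan */`. In the first hunk the preceding `tt_int_op(strlen(buf1) + 1, OP_EQ, len2)` shows that len2 already counts the input's own NUL, so noting that buf3[len2] is the additional byte would help. As far as these hunks show, no check covers an empty output; test_util_compress_impl begins and ends outside the hunks.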