diff options
| author | Nick Mathewson <nickm@torproject.org> | 2019-10-11 10:21:58 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-10-11 10:21:58 -0400 |
| commit | 2e5724d1534f3357654c9fb9d222114bba945219 (patch) | |
| tree | 96967edfe7ff1fc3941a24462a6e02d672faf93a | |
| parent | 0d82a8be77ae8d7fb06c8702bfbf1ebbaf370c94 (diff) | |
| parent | 46efc0ff35a12206ee2d17bf46dade29877594ed (diff) | |
| download | tor-2e5724d1534f3357654c9fb9d222114bba945219.tar.gz tor-2e5724d1534f3357654c9fb9d222114bba945219.zip | |
Merge branch 'ticket31682_042_01_squashed'
| -rw-r--r-- | changes/ticket31682 | 3 | ||||
| -rw-r--r-- | src/feature/hs/hs_cell.c | 30 |
2 files changed, 26 insertions, 7 deletions
diff --git a/changes/ticket31682 b/changes/ticket31682 new file mode 100644 index 0000000000..9777dec1f3 --- /dev/null +++ b/changes/ticket31682 @@ -0,0 +1,3 @@ + o Minor bugfixes (hidden service v3, coverity): + - Fix an implicit conversion from ssize_t to size_t discovered by Coverity. + Fixes bug 31682; bugfix on 0.4.2.1-alpha. diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 547dda3e16..d691a1b007 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -494,12 +494,14 @@ build_establish_intro_dos_param(trn_cell_extension_dos_t *dos_ext, } /* Build the DoS defense cell extension and put it in the given extensions - * object. This can't fail. */ -static void + * object. Return 0 on success, -1 on failure. (Right now, failure is only + * possible if there is a bug.) */ +static int build_establish_intro_dos_extension(const hs_service_config_t *service_config, trn_cell_extension_t *extensions) { - ssize_t ret, dos_ext_encoded_len; + ssize_t ret; + size_t dos_ext_encoded_len; uint8_t *field_array; trn_cell_extension_field_t *field; trn_cell_extension_dos_t *dos_ext; @@ -526,7 +528,11 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, service_config->intro_dos_burst_per_sec); /* Set the field with the encoded DoS extension. */ - dos_ext_encoded_len = trn_cell_extension_dos_encoded_len(dos_ext); + ret = trn_cell_extension_dos_encoded_len(dos_ext); + if (BUG(ret <= 0)) { + return -1; + } + dos_ext_encoded_len = ret; /* Set length field and the field array size length. */ trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len); trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len); @@ -534,7 +540,10 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, field_array = trn_cell_extension_field_getarray_field(field); ret = trn_cell_extension_dos_encode(field_array, trn_cell_extension_field_getlen_field(field), dos_ext); - tor_assert(ret == dos_ext_encoded_len); + if (BUG(ret <= 0)) { + return -1; + } + tor_assert(ret == (ssize_t) dos_ext_encoded_len); /* Finally, encode field into the cell extension. */ trn_cell_extension_add_fields(extensions, field); @@ -546,6 +555,8 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, /* Cleanup. DoS extension has been encoded at this point. */ trn_cell_extension_dos_free(dos_ext); + + return 0; } /* ========== */ @@ -558,6 +569,7 @@ STATIC trn_cell_extension_t * build_establish_intro_extensions(const hs_service_config_t *service_config, const hs_service_intro_point_t *ip) { + int ret; trn_cell_extension_t *extensions; tor_assert(service_config); @@ -571,9 +583,14 @@ build_establish_intro_extensions(const hs_service_config_t *service_config, if (service_config->has_dos_defense_enabled && ip->support_intro2_dos_defense) { /* This function takes care to increment the number of extensions. */ - build_establish_intro_dos_extension(service_config, extensions); + ret = build_establish_intro_dos_extension(service_config, extensions); + if (ret < 0) { + /* Return no extensions on error. */ + goto end; + } } + end: return extensions; } @@ -1059,4 +1076,3 @@ hs_cell_introduce1_data_clear(hs_cell_introduce1_data_t *data) /* The data object has no ownership of any members. */ memwipe(data, 0, sizeof(hs_cell_introduce1_data_t)); } - |