summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-07-01 12:56:40 -0400
committerNick Mathewson <nickm@torproject.org>2011-07-01 12:56:40 -0400
commit734e860d98e1874dcd92e69051806e53205ee0b0 (patch)
tree61f31b749be3aabf788a3a8b44d6383ed4e442ac
parent0b536469ee8a6d437cd939cbcdaa56039e27cdcb (diff)
parent06f0c1aa6a4ad0a6dfc93b1637214c307feed566 (diff)
downloadtor-734e860d98e1874dcd92e69051806e53205ee0b0.tar.gz
tor-734e860d98e1874dcd92e69051806e53205ee0b0.zip
Merge remote-tracking branch 'origin/maint-0.2.2'
-rw-r--r--changes/cid_4285
-rw-r--r--changes/cid_4505
-rw-r--r--changes/memleak_rendcache4
-rw-r--r--src/common/compat.c16
-rw-r--r--src/or/connection.c8
-rw-r--r--src/or/dirserv.c2
-rw-r--r--src/or/rendcommon.c1
7 files changed, 37 insertions, 4 deletions
diff --git a/changes/cid_428 b/changes/cid_428
new file mode 100644
index 0000000000..cb0fc8c2b2
--- /dev/null
+++ b/changes/cid_428
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Always NUL-terminate the sun_path field of a sockaddr_un before
+ passing it to the kernel. (Not a security issue: kernels are
+ smart enough to reject bad sockaddr_uns.) Found by Coverity; CID
+ # 428. Bugfix on Tor 0.2.0.3-alpha.
diff --git a/changes/cid_450 b/changes/cid_450
new file mode 100644
index 0000000000..2045fca239
--- /dev/null
+++ b/changes/cid_450
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Don't stack-allocate the list of supplementary GIDs when we're
+ about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+ could take up to 256K, which is way too much stack. Found by
+ Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
diff --git a/changes/memleak_rendcache b/changes/memleak_rendcache
new file mode 100644
index 0000000000..93b1f6141b
--- /dev/null
+++ b/changes/memleak_rendcache
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a memory leak when receiving a descriptor for a hidden
+ service we didn't ask for. Found by Coverity; CID#30. Bugfix on
+ 0.2.2.26-beta.
diff --git a/src/common/compat.c b/src/common/compat.c
index 83cf0322d9..330c432284 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1280,7 +1280,8 @@ log_credential_status(void)
/* Read, effective and saved GIDs */
gid_t rgid, egid, sgid;
/* Supplementary groups */
- gid_t sup_gids[NGROUPS_MAX + 1];
+ gid_t *sup_gids = NULL;
+ int sup_gids_size;
/* Number of supplementary groups */
int ngids;
@@ -1326,9 +1327,19 @@ log_credential_status(void)
#endif
/* log supplementary groups */
- if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) {
+ sup_gids_size = 64;
+ sup_gids = tor_malloc(sizeof(gid_t) * 64);
+ while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 &&
+ errno == EINVAL &&
+ sup_gids_size < NGROUPS_MAX) {
+ sup_gids_size *= 2;
+ sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size);
+ }
+
+ if (ngids < 0) {
log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s",
strerror(errno));
+ tor_free(sup_gids);
return -1;
} else {
int i, retval = 0;
@@ -1358,6 +1369,7 @@ log_credential_status(void)
tor_free(cp);
});
smartlist_free(elts);
+ tor_free(sup_gids);
return retval;
}
diff --git a/src/or/connection.c b/src/or/connection.c
index ec43577dfa..e8969e09fc 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -854,7 +854,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address,
sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
sockaddr->sun_family = AF_UNIX;
- strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path));
+ if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
+ >= sizeof(sockaddr->sun_path)) {
+ log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
+ escaped(listenaddress));
+ tor_free(sockaddr);
+ return NULL;
+ }
if (readable_address)
*readable_address = tor_strdup(listenaddress);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 33796fc2de..0ea1ef6489 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2440,7 +2440,7 @@ measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
tor_free(line);
return -1;
}
- strncpy(out->node_hex, cp, sizeof(out->node_hex));
+ strlcpy(out->node_hex, cp, sizeof(out->node_hex));
got_node_id=1;
}
} while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index e81510a9cd..94bb002210 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -1040,6 +1040,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published,
log_warn(LD_REND, "Received service descriptor for service ID %s; "
"expected descriptor for service ID %s.",
query, safe_str(service_id));
+ rend_service_descriptor_free(parsed);
return -2;
}
now = time(NULL);