authorStephen Palmateer <stephen.palmateer@gmail.com>2011-12-21 12:48:38 -0500
committerNick Mathewson <nickm@torproject.org>2012-01-09 19:05:05 -0500
commit3fadc074caa2f69b9d4ef17339a42dc9fbe4ad9e (patch)
tree520d26b81a8db22fb2967af149183555166f0d5e /src/common/crypto.c
parent1e5d66997bb6efae378cf8783a0b07c12dd7146f (diff)
downloadtor-3fadc074caa2f69b9d4ef17339a42dc9fbe4ad9e.tar.gz
tor-3fadc074caa2f69b9d4ef17339a42dc9fbe4ad9e.zip
Remove (untriggerable) overflow in crypto_random_hostname()
Fixes bug 4413; bugfix on xxxx. Hostname components cannot be larger than 63 characters. This simple check makes certain randlen cannot overflow rand_bytes_len.
Diffstat (limited to 'src/common/crypto.c')
-rw-r--r--src/common/crypto.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 673fc0cc1f..9ee3d989a3 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -82,6 +82,9 @@
#include "sha256.c"
#define SHA256_Final(a,b) sha256_done(b,a)
+/* Bug 4413*/
+#define MAX_HOSTNAME_SIZE 63
+
static unsigned char *
SHA256(const unsigned char *m, size_t len, unsigned char *d)
{
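Review bot: `MAX_HOSTNAME_SIZE` is defined immediately after `#include "sha256.c"` and the `SHA256_Final` compatibility macro, just before a local `SHA256()` definition, which looks like a fallback SHA-256 section. If that section is conditionally compiled (no guard is visible in this hunk, so this is inferred), the macro is undefined in builds that skip it, and the new check in crypto_random_hostname() will not compile there. Placing the define next to crypto_random_hostname(), or in an unconditional part of the file, avoids that dependency. The comment `/* Bug 4413*/` also does not say what the value means; something like `/** Maximum length of one hostname component (label); caps the random part generated by crypto_random_hostname(). */` would document it. Since the limit applies to a single component rather than a whole hostname, a name such as `MAX_DNS_LABEL_SIZE` would be more accurate.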
@@ -2554,7 +2557,12 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
size_t resultlen, prefixlen;
tor_assert(max_rand_len >= min_rand_len);
+
randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
+ if (randlen > MAX_HOSTNAME_SIZE) {
+ randlen = MAX_HOSTNAME_SIZE;
+ }
+
prefixlen = strlen(prefix);
resultlen = prefixlen + strlen(suffix) + randlen + 16;
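Review bot: The new clamp bounds `randlen` only from above and only after the random draw, so the lower bound is still unchecked. A negative `min_rand_len` satisfies `tor_assert(max_rand_len >= min_rand_len)` and can leave `randlen` negative when it is added into the `size_t` `resultlen` and used in the later length arithmetic, which is outside this hunk. A caller passing `min_rand_len` above 63 silently gets a shorter name than requested, and `max_rand_len - min_rand_len + 1` is still computed on unvalidated ints. Validating the arguments before the draw makes the bound explicit: `tor_assert(min_rand_len >= 0);`, then `if (max_rand_len > MAX_HOSTNAME_SIZE) max_rand_len = MAX_HOSTNAME_SIZE;` and `if (min_rand_len > max_rand_len) min_rand_len = max_rand_len;`. A short comment above the check, for example `/* A hostname label is at most 63 characters; keep randlen within that so rand_bytes_len cannot overflow. */`, would record why the limit exists. The body of crypto_random_hostname() begins and ends outside this hunk.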