aboutsummaryrefslogtreecommitdiff
path: root/src/or/directory.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2009-03-03 18:02:36 +0000
committerNick Mathewson <nickm@torproject.org>2009-03-03 18:02:36 +0000
commitcbbc0c9c8615d4541d99a0e3ff2027b878893888 (patch)
tree2e0ed8a31c2793cba8d1eeb6813e77610d5670d1 /src/or/directory.c
parent26d83fc04c66d2c592ff64b62830c171266b4f75 (diff)
downloadtor-cbbc0c9c8615d4541d99a0e3ff2027b878893888.tar.gz
tor-cbbc0c9c8615d4541d99a0e3ff2027b878893888.zip
Actually use tor_sscanf() to parse untrusted input.
svn:r18761
Diffstat (limited to 'src/or/directory.c')
-rw-r--r--src/or/directory.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index 6fac10dd7d..efccb1ef42 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1247,7 +1247,7 @@ int
parse_http_response(const char *headers, int *code, time_t *date,
compress_method_t *compression, char **reason)
{
- int n1, n2;
+ unsigned n1, n2;
char datestr[RFC1123_TIME_LEN+1];
smartlist_t *parsed_headers;
tor_assert(headers);
@@ -1255,7 +1255,7 @@ parse_http_response(const char *headers, int *code, time_t *date,
while (TOR_ISSPACE(*headers)) headers++; /* tolerate leading whitespace */
- if (sscanf(headers, "HTTP/1.%d %d", &n1, &n2) < 2 ||
+ if (tor_sscanf(headers, "HTTP/1.%u %u", &n1, &n2) < 2 ||
(n1 != 0 && n1 != 1) ||
(n2 < 100 || n2 >= 600)) {
log_warn(LD_HTTP,"Failed to parse header %s",escaped(headers));