rearrange our assert so we don't possibly overflow rh.length before

triggering the assert. reported by veracode. svn:r13601
author: Roger Dingledine <arma@torproject.org> 2008-02-19 23:54:17 +0000
committer: Roger Dingledine <arma@torproject.org> 2008-02-19 23:54:17 +0000
commit: 913f66278c5be1454639ebc566aa685602dc53d7 (patch)
tree: ee7db30b633e0fdb00e6b706bad3f2add7ebee77 /src/or/relay.c
parent: 0399538b90ad38bd0d5d8f4c37467666cd36c2e5 (diff)
download: tor-913f66278c5be1454639ebc566aa685602dc53d7.tar.gz
tor-913f66278c5be1454639ebc566aa685602dc53d7.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/or/relay.c b/src/or/relay.c
index 262e72f675..dd999e9eb0 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -475,6 +475,7 @@ relay_send_command_from_edge(uint16_t stream_id, circuit_t *circ,
   /* XXXX NM Split this function into a separate versions per circuit type? */
 
   tor_assert(circ);
+  tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
 
   memset(&cell, 0, sizeof(cell_t));
   cell.command = CELL_RELAY;
@@ -493,10 +494,8 @@ relay_send_command_from_edge(uint16_t stream_id, circuit_t *circ,
   rh.stream_id = stream_id;
   rh.length = payload_len;
   relay_header_pack(cell.payload, &rh);
-  if (payload_len) {
-    tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
+  if (payload_len)
     memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
-  }
 
   log_debug(LD_OR,"delivering %d cell %s.", relay_command,
             cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
author	Roger Dingledine <arma@torproject.org>	2008-02-19 23:54:17 +0000
committer	Roger Dingledine <arma@torproject.org>	2008-02-19 23:54:17 +0000
commit	913f66278c5be1454639ebc566aa685602dc53d7 (patch)
tree	ee7db30b633e0fdb00e6b706bad3f2add7ebee77 /src/or/relay.c
parent	0399538b90ad38bd0d5d8f4c37467666cd36c2e5 (diff)
download	tor-913f66278c5be1454639ebc566aa685602dc53d7.tar.gz tor-913f66278c5be1454639ebc566aa685602dc53d7.zip