Fix a heap overflow found by debuger, and make it harder to make that mistake again

Our public key functions assumed that they were always writing into a large enough buffer. In one case, they weren't. (Incorporates fixes from sebastian)
author: Nick Mathewson <nickm@torproject.org> 2011-01-13 14:36:41 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-01-15 11:49:25 -0500
commit: 115782bdbe42e4b3d5cb386d2939a883bc381d12 (patch)
tree: facebd78bfcd426d3404999e5237c502fb34ebaa /src/or/rendclient.c
parent: a16902b9d4b0a912eb0a252bb945cbeaaa40dacb (diff)
download: tor-115782bdbe42e4b3d5cb386d2939a883bc381d12.tar.gz
tor-115782bdbe42e4b3d5cb386d2939a883bc381d12.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index edd24d8a3b..ab18d35298 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -193,6 +193,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
    * to avoid buffer overflows? */
   r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
+                                      sizeof(payload)-DIGEST_LEN,
                                       tmp,
                                       (int)(dh_offset+DH_KEY_LEN),
                                       PK_PKCS1_OAEP_PADDING, 0);
author	Nick Mathewson <nickm@torproject.org>	2011-01-13 14:36:41 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-01-15 11:49:25 -0500
commit	115782bdbe42e4b3d5cb386d2939a883bc381d12 (patch)
tree	facebd78bfcd426d3404999e5237c502fb34ebaa /src/or/rendclient.c
parent	a16902b9d4b0a912eb0a252bb945cbeaaa40dacb (diff)
download	tor-115782bdbe42e4b3d5cb386d2939a883bc381d12.tar.gz tor-115782bdbe42e4b3d5cb386d2939a883bc381d12.zip