aboutsummaryrefslogtreecommitdiff
path: root/src/or/routerparse.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-01-15 13:15:06 -0500
committerNick Mathewson <nickm@torproject.org>2011-01-15 13:15:06 -0500
commitb97b0efec81c5564999c2545dd7f0ca230b239cc (patch)
tree7bd479c07bf52595f58713e6c5844a0f8f1520d7 /src/or/routerparse.c
parent31b562e10abe51cf9d520e0a3ad2ffc3277d52a4 (diff)
parent1f3b4420233e83ef160ac41398827994ec7ae152 (diff)
downloadtor-b97b0efec81c5564999c2545dd7f0ca230b239cc.tar.gz
tor-b97b0efec81c5564999c2545dd7f0ca230b239cc.zip
Merge branch 'bug2352_obsize' into maint-0.2.1
Diffstat (limited to 'src/or/routerparse.c')
-rw-r--r--src/or/routerparse.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 9ad84ed8db..3778509051 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2553,7 +2553,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err;
v->good_signature = 1;
} else {
- if (tok->object_size >= INT_MAX)
+ if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
goto err;
/* We already parsed a vote from this voter. Use the first one. */
if (v->signature) {
@@ -2704,7 +2704,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
memcpy(voter->identity_digest, id_digest, DIGEST_LEN);
memcpy(voter->signing_key_digest, sk_digest, DIGEST_LEN);
- if (tok->object_size >= INT_MAX)
+ if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
goto err;
voter->signature = tor_memdup(tok->object_body, tok->object_size);
voter->signature_len = (int) tok->object_size;
@@ -3021,6 +3021,10 @@ static directory_token_t *
get_next_token(memarea_t *area,
const char **s, const char *eos, token_rule_t *table)
{
+ /** Reject any object at least this big; it is probably an overflow, an
+ * attack, a bug, or some other nonsense. */
+#define MAX_UNPARSED_OBJECT_SIZE (128*1024)
+
const char *next, *eol, *obstart;
size_t obname_len;
int i;
@@ -3105,7 +3109,8 @@ get_next_token(memarea_t *area,
obstart = *s; /* Set obstart to start of object spec */
if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */
- strcmp_len(eol-5, "-----", 5)) { /* nuls or invalid endings */
+ strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */
+ (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */
RET_ERR("Malformed object: bad begin line");
}
tok->object_type = STRNDUP(*s+11, eol-*s-16);
@@ -3130,13 +3135,16 @@ get_next_token(memarea_t *area,
ebuf[sizeof(ebuf)-1] = '\0';
RET_ERR(ebuf);
}
+ if (next - *s > MAX_UNPARSED_OBJECT_SIZE)
+ RET_ERR("Couldn't parse object: missing footer or object much too big.");
+
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
tok->key = crypto_new_pk_env();
if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart))
RET_ERR("Couldn't parse public key.");
} else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
tok->key = crypto_new_pk_env();
- if (crypto_pk_read_private_key_from_string(tok->key, obstart))
+ if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
RET_ERR("Couldn't parse private key.");
} else { /* If it's something else, try to base64-decode it */
int r;
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion