diff options
author | Kevin Butler <haqkrs@gmail.com> | 2013-09-03 01:14:43 +0100 |
---|---|---|
committer | Kevin Butler <haqkrs@gmail.com> | 2013-09-03 01:14:43 +0100 |
commit | 5327605caa5863ec9593fd0899425cd971a9d525 (patch) | |
tree | beda4e3d2f8aebd32716ab6fc0e9862b1d1d04a6 /src/or | |
parent | 00bcc25d05dc0273323a2cae20c6aa62afd4b50a (diff) | |
download | tor-5327605caa5863ec9593fd0899425cd971a9d525.tar.gz tor-5327605caa5863ec9593fd0899425cd971a9d525.zip |
Tougher validation for parsing urls from HTTP headers. Fixes #2767.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/directory.c | 9 | ||||
-rw-r--r-- | src/or/directory.h | 5 |
2 files changed, 13 insertions, 1 deletions
diff --git a/src/or/directory.c b/src/or/directory.c index 97305ae2a8..58ce0cf838 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1387,7 +1387,7 @@ directory_send_command(dir_connection_t *conn, * so it does. Return 0. * Otherwise, return -1. */ -static int +STATIC int parse_http_url(const char *headers, char **url) { char *s, *start, *tmp; @@ -1416,6 +1416,13 @@ parse_http_url(const char *headers, char **url) } } + /* Check if the header is well formed (next sequence + * should be HTTP/1.X\r\n). Assumes we're supporting 1.0? */ + char *e = (char *)eat_whitespace_no_nl(s); + if (strcmpstart(e, "HTTP/1.") || !(*(e+8) == '\r')) { + return -1; + } + if (s-start < 5 || strcmpstart(start,"/tor/")) { /* need to rewrite it */ *url = tor_malloc(s - start + 5); strlcpy(*url,"/tor", s-start+5); diff --git a/src/or/directory.h b/src/or/directory.h index 41f18a1725..0453160f7a 100644 --- a/src/or/directory.h +++ b/src/or/directory.h @@ -118,5 +118,10 @@ download_status_mark_impossible(download_status_t *dl) int download_status_get_n_failures(const download_status_t *dls); +#ifdef TOR_UNIT_TESTS +/* Used only by directory.c and test_dir.c */ +STATIC int parse_http_url(const char *headers, char **url); +#endif + #endif |