summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-02-15 08:46:13 -0500
committerNick Mathewson <nickm@torproject.org>2018-03-01 16:05:17 -0500
commit8b405c609e82fbfb5470967fc4c45165c708e72b (patch)
treeeb1b2646441e74d8d04dacbe44e535299bc5b9c0 /src/or
parent0953c43c955c4bdb82f0aa86f23f9c0cdcc2c9a1 (diff)
downloadtor-8b405c609e82fbfb5470967fc4c45165c708e72b.tar.gz
tor-8b405c609e82fbfb5470967fc4c45165c708e72b.zip
Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/protover.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/or/protover.c b/src/or/protover.c
index e63036f784..f32316f8e7 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -123,6 +123,11 @@ parse_version_range(const char *s, const char *end_of_range,
if (BUG(!end_of_range))
end_of_range = s + strlen(s); // LCOV_EXCL_LINE
+ /* A range must start with a digit. */
+ if (!TOR_ISDIGIT(*s)) {
+ goto error;
+ }
+
/* Note that this wouldn't be safe if we didn't know that eventually,
* we'd hit a NUL */
low = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
@@ -138,7 +143,11 @@ parse_version_range(const char *s, const char *end_of_range,
if (*next != '-')
goto error;
s = next+1;
+
/* ibid */
+ if (!TOR_ISDIGIT(*s)) {
+ goto error;
+ }
high = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
if (!ok)
goto error;