diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-05-07 12:25:59 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-05-07 12:25:59 -0400 |
| commit | 9b344628ed8f15543dc7780cc2a5cdd1b8f656cf (patch) | |
| tree | 6356e826688bbdec9002070da2bdf236ccee39ad /src/test | |
| parent | f6afd4efa6c24fab8ace710fc0eac4c8811b93dd (diff) | |
| download | tor-9b344628ed8f15543dc7780cc2a5cdd1b8f656cf.tar.gz tor-9b344628ed8f15543dc7780cc2a5cdd1b8f656cf.zip | |
Handle out-of-range values in tor_parse_* integer functions
The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE. If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.
Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/test_util.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/test/test_util.c b/src/test/test_util.c index 23cd059cf7..ee745c5cf0 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -283,6 +283,21 @@ test_util_strmisc(void) test_assert(i == 1); } + { + /* Test tor_parse_* where we overflow/underflow the underlying type. */ + /* This string should overflow 64-bit ints. */ +#define TOOBIG "100000000000000000000000000" + test_eq(0L, tor_parse_long(TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(0L, tor_parse_long("-"TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(0UL, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL)); + test_eq(i, 0); + test_eq(U64_LITERAL(0), tor_parse_uint64(TOOBIG, 10, + 0, UINT64_MAX, &i, NULL)); + test_eq(i, 0); + } + /* Test failing snprintf cases */ test_eq(-1, tor_snprintf(buf, 0, "Foo")); test_eq(-1, tor_snprintf(buf, 2, "Foo")); |