diff options
| author | Roger Dingledine <arma@torproject.org> | 2004-03-14 22:47:11 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2004-03-14 22:47:11 +0000 |
| commit | fdc5751c606ae0b98bd5f85720171cff3ada94b4 (patch) | |
| tree | 7bf8b43e1523efecb0e4fe0ff3578d1599408cf9 /src | |
| parent | 5d41346b6744a0d249e3680d748325e401a9382d (diff) | |
| download | tor-fdc5751c606ae0b98bd5f85720171cff3ada94b4.tar.gz tor-fdc5751c606ae0b98bd5f85720171cff3ada94b4.zip | |
bugfix: address that strcat vulnerability in circuit.c
svn:r1273
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/circuit.c | 17 | ||||
| -rw-r--r-- | src/or/config.c | 4 | ||||
| -rw-r--r-- | src/or/dirserv.c | 2 | ||||
| -rw-r--r-- | src/or/routerlist.c | 2 |
4 files changed, 12 insertions, 13 deletions
diff --git a/src/or/circuit.c b/src/or/circuit.c index e0e7aa607c..41a58f0953 100644 --- a/src/or/circuit.c +++ b/src/or/circuit.c @@ -790,29 +790,28 @@ void circuit_about_to_close_connection(connection_t *conn) { } void circuit_log_path(int severity, circuit_t *circ) { - static char b[1024]; + char buf[1024]; + char *s = buf; struct crypt_path_t *hop; char *states[] = {"closed", "waiting for keys", "open"}; routerinfo_t *router; assert(circ->cpath); - sprintf(b,"circ (length %d, exit %s): ", + snprintf(s, sizeof(buf)-1, "circ (length %d, exit %s): ", circ->build_state->desired_path_len, circ->build_state->chosen_exit); hop=circ->cpath; do { + s = buf + strlen(buf); router = router_get_by_addr_port(hop->addr,hop->port); if(router) { - /* XXX strcat allows buffer overflow */ - strcat(b,router->nickname); - strcat(b,"("); - strcat(b,states[hop->state]); - strcat(b,"),"); + snprintf(s, sizeof(buf) - (s - buf), "%s(%s) ", + router->nickname, states[hop->state]); } else { - strcat(b,"UNKNOWN,"); + snprintf(s, sizeof(buf) - (s - buf), "UNKNOWN "); } hop=hop->next; } while(hop!=circ->cpath); - log_fn(severity,"%s",b); + log_fn(severity,"%s",buf); } static void diff --git a/src/or/config.c b/src/or/config.c index 4d7787e8d0..e06a22a3fd 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -345,7 +345,7 @@ static void print_usage(void) { ); } -int resolve_my_address(or_options_t *options) { +static int resolve_my_address(or_options_t *options) { struct in_addr in; struct hostent *rent; char localhostname[256]; @@ -377,7 +377,7 @@ int resolve_my_address(or_options_t *options) { assert(rent->h_length == 4); memcpy(&in.s_addr, rent->h_addr,rent->h_length); if(is_internal_IP(in.s_addr)) { - log_fn(LOG_WARN,"Address '%s' resolves to '%s'. " + log_fn(LOG_WARN,"Address '%s' resolves to private IP '%s'. " "Please set the Address config option to be your public IP.", options->Address, inet_ntoa(in)); return -1; diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 0da23a7162..a73be17c08 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -341,7 +341,7 @@ list_running_servers(char **nicknames_out) for (i = 0; i<n; ++i) { if (i) strcat(cp, " "); - strcat(cp, nickname_lst[i]); + strcat(cp, nickname_lst[i]); /* can't overflow */ while (*cp) ++cp; } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index d5b16b56c1..172ff2069a 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1064,7 +1064,7 @@ router_add_exit_policy(routerinfo_t *router, directory_token_t *tok) { strcpy(newe->string, "accept "); newe->policy_type = EXIT_POLICY_ACCEPT; } - strcat(newe->string, arg); + strcat(newe->string, arg); /* can't overflow */ address = arg; mask = strchr(arg,'/'); |