diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-01-26 18:01:06 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-01-26 18:01:06 -0500 |
| commit | acd72d4e3e47c2d81d9f3586d227069b9c87094e (patch) | |
| tree | 67671109ff5e30cb0f539ab28ae6e9e5e07cc7f4 /src | |
| parent | dfbd19df418347d833df650e68367c96a3aa37ad (diff) | |
| download | tor-acd72d4e3e47c2d81d9f3586d227069b9c87094e.tar.gz tor-acd72d4e3e47c2d81d9f3586d227069b9c87094e.zip | |
Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/util.c | 14 | ||||
| -rw-r--r-- | src/common/util.h | 3 | ||||
| -rw-r--r-- | src/or/routerparse.c | 4 |
3 files changed, 19 insertions, 2 deletions
diff --git a/src/common/util.c b/src/common/util.c index 49ec75dc4a..71b77e20fa 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -282,6 +282,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS) return dup; } +/** As tor_memdup(), but add an extra 0 byte at the end of the resulting + * memory. */ +void * +tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS) +{ + char *dup; + tor_assert(len < SIZE_T_CEILING+1); + tor_assert(mem); + dup = tor_malloc_(len+1 DMALLOC_FN_ARGS); + memcpy(dup, mem, len); + dup[len] = '\0'; + return dup; +} + /** Helper for places that need to take a function pointer to the right * spelling of "free()". */ void diff --git a/src/common/util.h b/src/common/util.h index 59c43a4441..170fb232f8 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1)); void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1)); +void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS) + ATTR_MALLOC ATTR_NONNULL((1)); void tor_free_(void *mem); #ifdef USE_DMALLOC extern int dmalloc_free(const char *file, const int line, void *pnt, @@ -117,6 +119,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt, #define tor_strdup(s) tor_strdup_(s DMALLOC_ARGS) #define tor_strndup(s, n) tor_strndup_(s, n DMALLOC_ARGS) #define tor_memdup(s, n) tor_memdup_(s, n DMALLOC_ARGS) +#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n DMALLOC_ARGS) void tor_log_mallinfo(int severity); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index b945ea6aa6..23dae382fc 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end, extrainfo = tor_malloc_zero(sizeof(extrainfo_t)); extrainfo->cache_info.is_extrainfo = 1; if (cache_copy) - extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s); + extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s); extrainfo->cache_info.signed_descriptor_len = end-s; memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN); @@ -4237,7 +4237,7 @@ microdescs_parse_from_string(const char *s, const char *eos, md->bodylen = start_of_next_microdesc - cp; if (copy_body) - md->body = tor_strndup(cp, md->bodylen); + md->body = tor_memdup_nulterm(cp, md->bodylen); else md->body = (char*)cp; md->off = cp - start; |