diff options
author | Robert Ransom <rransom.8774@gmail.com> | 2012-09-13 07:39:39 -0400 |
---|---|---|
committer | Robert Ransom <rransom.8774@gmail.com> | 2012-09-13 07:48:21 -0400 |
commit | 0a6480cdd00fbed2eba0e5bab6ef82bc809c665b (patch) | |
tree | 9e4ba0a8f26be20baa70e393132358905f077b2d /src | |
parent | 45439bfced7f41c2e0beecb715880cb83d421618 (diff) | |
download | tor-0a6480cdd00fbed2eba0e5bab6ef82bc809c665b.tar.gz tor-0a6480cdd00fbed2eba0e5bab6ef82bc809c665b.zip |
Avoid undefined behaviour when parsing HS protocol versions
Fixes bug 6827; bugfix on c58675ca728f12b42f65e5b8964ae695c2e0ec2d
(when the v2 HS desc parser was implemented).
Found by asn.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/or.h | 7 | ||||
-rw-r--r-- | src/or/routerparse.c | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/or/or.h b/src/or/or.h index 9074083a04..51c23d305d 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4279,14 +4279,17 @@ typedef struct rend_intro_point_t { time_t time_expiring; } rend_intro_point_t; +#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16 + /** Information used to connect to a hidden service. Used on both the * service side and the client side. */ typedef struct rend_service_descriptor_t { crypto_pk_t *pk; /**< This service's public key. */ int version; /**< Version of the descriptor format: 0 or 2. */ time_t timestamp; /**< Time when the descriptor was generated. */ - uint16_t protocols; /**< Bitmask: which rendezvous protocols are supported? - * (We allow bits '0', '1', and '2' to be set.) */ + /** Bitmask: which rendezvous protocols are supported? + * (We allow bits '0', '1', and '2' to be set.) */ + int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH; /** List of the service's introduction points. Elements are removed if * introduction attempts fail. */ smartlist_t *intro_nodes; diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 60a2eae75f..2bf072b3cf 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4823,6 +4823,9 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, 10, 0, INT_MAX, &num_ok, NULL); if (!num_ok) /* It's a string; let's ignore it. */ continue; + if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH) + /* Avoid undefined left-shift behaviour. */ + continue; result->protocols |= 1 << version; } SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp)); |