summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2003-12-17 09:20:29 +0000
committerRoger Dingledine <arma@torproject.org>2003-12-17 09:20:29 +0000
commit4a1e05de51859e258093ff82d93609921d0a4dad (patch)
treee5be2763256c0546e16190d68c285816c9ec2ded /src
parentaba237e3e281c4dc2b08d633040339717df750e5 (diff)
downloadtor-4a1e05de51859e258093ff82d93609921d0a4dad.tar.gz
tor-4a1e05de51859e258093ff82d93609921d0a4dad.zip
betcha didn't know strncpy could leave an unterminated string
svn:r949
Diffstat (limited to 'src')
-rw-r--r--src/or/dirserv.c2
-rw-r--r--src/or/dns.c7
2 files changed, 8 insertions, 1 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 8dc4de0080..10197e27c0 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -376,6 +376,7 @@ dirserv_dump_directory_to_string(char *s, int maxlen,
for (i = 0; i < n_descriptors; ++i) {
strncat(cp, descriptor_list[i]->descriptor, descriptor_list[i]->desc_len);
+ /* XXX Nick: do strncat and friends null-terminate? man page is ambiguous. */
cp += descriptor_list[i]->desc_len;
assert(!*cp);
}
@@ -400,6 +401,7 @@ dirserv_dump_directory_to_string(char *s, int maxlen,
((int)digest[2])&0xff,((int)digest[3])&0xff);
strncpy(cp, "-----BEGIN SIGNATURE-----\n", maxlen-i);
+ cp[maxlen-i-1] = 0;
i = strlen(s);
cp = s+i;
diff --git a/src/or/dns.c b/src/or/dns.c
index 269e3dcff1..0cf437afef 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -100,6 +100,7 @@ uint32_t dns_lookup(const char *address) {
}
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(resolve) { /* it's there */
if(resolve->state == CACHE_STATE_VALID) {
@@ -118,7 +119,7 @@ uint32_t dns_lookup(const char *address) {
}
#endif
-/* See if we have an addr for 'exitconn->address'. if so,
+/* See if we have a cache entry for 'exitconn->address'. if so,
* if resolve valid, put it into exitconn->addr and return 1.
* If resolve failed, return -1.
*
@@ -140,6 +141,7 @@ int dns_resolve(connection_t *exitconn) {
/* now check the tree to see if 'address' is already there. */
strncpy(search.address, exitconn->address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(resolve) { /* already there */
switch(resolve->state) {
@@ -167,6 +169,7 @@ int dns_resolve(connection_t *exitconn) {
resolve->state = CACHE_STATE_PENDING;
resolve->expire = now + MAX_DNS_ENTRY_AGE;
strncpy(resolve->address, exitconn->address, MAX_ADDRESSLEN);
+ resolve->address[MAX_ADDRESSLEN-1] = 0;
/* add us to the pending list */
pending_connection = tor_malloc(sizeof(struct pending_connection_t));
@@ -226,6 +229,7 @@ void dns_cancel_pending_resolve(char *address, connection_t *onlyconn) {
struct cached_resolve *resolve, *tmp;
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(!resolve) {
@@ -299,6 +303,7 @@ static void dns_found_answer(char *address, uint32_t addr) {
struct cached_resolve *resolve;
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(!resolve) {