diff options
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/mempool.h | 2 | ||||
-rw-r--r-- | src/common/tortls.c | 4 | ||||
-rw-r--r-- | src/common/util.c | 12 |
3 files changed, 11 insertions, 7 deletions
diff --git a/src/common/mempool.h b/src/common/mempool.h index d0a7bc2f36..bc424acdeb 100644 --- a/src/common/mempool.h +++ b/src/common/mempool.h @@ -22,6 +22,8 @@ void mp_pool_destroy(mp_pool_t *pool); void mp_pool_assert_ok(mp_pool_t *pool); void mp_pool_log_status(mp_pool_t *pool, int severity); +#define MP_POOL_ITEM_OVERHEAD (sizeof(void*)) + #define MEMPOOL_STATS #ifdef MEMPOOL_PRIVATE diff --git a/src/common/tortls.c b/src/common/tortls.c index 60aac64929..11fe220e2d 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1176,10 +1176,11 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, goto error; #endif - /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */ + /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */ if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) goto error; SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); /* Disable TLS1.1 and TLS1.2 if they exist. We need to do this to * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1 @@ -1204,6 +1205,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET); #endif + /* XXX This block is now obsolete. */ if ( #ifdef DISABLE_SSL3_HANDSHAKE 1 || diff --git a/src/common/util.c b/src/common/util.c index 6fb597a3a5..b16afa13e9 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3256,10 +3256,10 @@ format_hex_number_for_helper_exit_status(unsigned int x, char *buf, * <b>hex_errno</b>. Called between fork and _exit, so must be signal-handler * safe. * - * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available. + * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE+1 bytes available. * * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded - * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where + * with spaces. CHILD_STATE indicates where * in the processs of starting the child process did the failure occur (see * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of * errno when the failure occurred. @@ -3294,7 +3294,7 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, * Count how many chars of space we have left, and keep a pointer into the * current point in the buffer. */ - left = HEX_ERRNO_SIZE; + left = HEX_ERRNO_SIZE+1; cur = hex_errno; /* Emit child_state */ @@ -3338,8 +3338,8 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, left -= written; cur += written; - /* Check that we have enough space left for a newline */ - if (left <= 0) + /* Check that we have enough space left for a newline and a NUL */ + if (left <= 1) goto err; /* Emit the newline and NUL */ @@ -3594,7 +3594,7 @@ tor_spawn_background(const char *const filename, const char **argv, this is used for printing out the error message */ unsigned char child_state = CHILD_STATE_INIT; - char hex_errno[HEX_ERRNO_SIZE]; + char hex_errno[HEX_ERRNO_SIZE + 2]; /* + 1 should be sufficient actually */ static int max_fd = -1; |