summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/rendclient.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index a93bc94a9c..f0144b076f 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -269,6 +269,15 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
} else {
/* Version 0. */
+
+ /* Some compilers are smart enough to work out that nickname can be more
+ * than 19 characters, when it's a hexdigest. They warn that strncpy()
+ * will truncate hexdigests without NUL-terminating them. But we only put
+ * hexdigests in HSDir and general circuit exits. */
+ if (BUG(strlen(rendcirc->build_state->chosen_exit->nickname)
+ > MAX_NICKNAME_LEN)) {
+ goto perm_err;
+ }
strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
(MAX_NICKNAME_LEN+1)); /* nul pads */
memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,