From 50136b66981ae80c2b139aa441a8472c84bc11e6 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 16 Jul 2013 13:59:09 -0400 Subject: Use memdup_nulterm and check for NULs in handle_cmd_transport --- src/or/ext_orport.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c index 7dfe6248b0..e0980dedac 100644 --- a/src/or/ext_orport.c +++ b/src/or/ext_orport.c @@ -467,9 +467,13 @@ static int connection_ext_or_handle_cmd_transport(or_connection_t *conn, const char *payload, uint16_t len) { - char *transport_str = tor_malloc(len + 1); /* NUL-terminate the string */ - memcpy(transport_str, payload, len); - transport_str[len] = 0; + char *transport_str; + if (memchr(payload, '\0', len)) { + log_fn(LOG_PROTOCOL_WARN, LD_NET, "Unexpected NUL in ExtORPort Transport"); + return -1; + } + + transport_str = tor_memdup_nulterm(payload, len); /* Transport names MUST be C-identifiers. */ if (!string_is_C_identifier(transport_str)) { -- cgit v1.2.3-54-g00ecf