Make sure we can't overflow in connection_ap_handshake_send_resolve
authorSebastian Hahn <sebastian@torproject.org>
Sat, 26 Sep 2009 13:41:52 +0000 (15:41 +0200)
committerNick Mathewson <nickm@torproject.org>
Sun, 27 Sep 2009 16:02:02 +0000 (12:02 -0400)
Found by Coverity

ChangeLog
src/or/connection_edge.c

index 451a20c30dceed41c101427b9f98510fb60627fb..c79c865efa792eb0baae8fe8375fa8af90b08046 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,8 @@ Changes in version 0.2.2.4-alpha - 2009-??-??
       on 0.2.2.1-alpha.
     - Fix two memory leaks in the error case of
       circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
+    - Make it explicit that we can't overflow in
+      connection_ap_handshake_send_resolve. Bugfix on 0.0.7.1-1.
 
 Changes in version 0.2.2.3-alpha - 2009-09-23
   o Major bugfixes:
index f25202725e7bcf2424159f6452ddc16ff5c185a7..0e6297a50a4a6f7637ab89e07d6609ff1a8f2177 100644 (file)
@@ -2156,8 +2156,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
     tor_assert(payload_len <= (int)sizeof(inaddr_buf));
   }
 
-  if (payload_len > RELAY_PAYLOAD_SIZE) {
+  if (payload_len > MAX_SOCKS_ADDR_LEN) {
     /* This should be impossible: we don't accept addresses this big. */
+    /* XXX Should we log a bug here? */
     connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
     return -1;
   }
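Review bot: The oversize branch still fails silently, and the new `/* XXX Should we log a bug here? */` leaves the question open rather than settling it. Since the comment above calls this case impossible, reaching it means an invariant was broken upstream, and closing the stream with END_STREAM_REASON_INTERNAL alone leaves no trace for whoever has to diagnose it. I would replace the XXX with `log_warn(LD_BUG, "Resolve payload length %d exceeds MAX_SOCKS_ADDR_LEN; closing stream.", payload_len);`, logging only the length so the requested hostname stays out of the logs. The tighter bound also presumably relies on MAX_SOCKS_ADDR_LEN not exceeding the relay payload size, which is not visible here; a one-line comment stating that relationship would make the check self-explanatory. The function body starts and continues outside this hunk.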