From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 12 Oct 2004 18:38:36 +0000 (+0000)
Subject: Add fix for remote-crash bug.
X-Git-Tag: debian-version-0.0.8+0.0.9pre2-1~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6fc2b9dd2dec8376ad53df57a544fa66f37a2ca;p=thirdparty%2Ftor.git

Add fix for remote-crash bug.


svn:r2447
---

diff --git a/src/or/buffers.c b/src/or/buffers.c
index 7d5153ad5e..89dc0fc6b0 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -381,6 +381,10 @@ int fetch_from_buf_http(buf_t *buf,
   p = strstr(headers, CONTENT_LENGTH);
   if (p) {
     contentlen = atoi(p+strlen(CONTENT_LENGTH));
+    if (contentlen < 0) {
+      log_fn(LOG_WARN, "Content-Length is less than zero; it looks like someone is trying to crash us.");
+      return -1;
+    }
     /* if content-length is malformed, then our body length is 0. fine. */
     log_fn(LOG_DEBUG,"Got a contentlen of %d.",contentlen);
     if(bodylen < contentlen) {