o Major bugfixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
+ - Avoid a potential crash on exit nodes when processing malformed
+ input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.
o Minor bugfixes:
- Let controllers actually ask for the "clients_seen" event. Bugfix
#define CLOSE_SOCKET(x) close(x)
#endif
-#define ISSPACE(c) isspace((int)(unsigned char)(c))
-#define ISDIGIT(c) isdigit((int)(unsigned char)(c))
-#define ISALPHA(c) isalpha((int)(unsigned char)(c))
-#define TOLOWER(c) (char)tolower((int)(unsigned char)(c))
-#define TOUPPER(c) (char)toupper((int)(unsigned char)(c))
+#define ISSPACE(c) TOR_ISSPACE(c)
+#define ISDIGIT(c) TOR_ISDIGIT(c)
+#define ISALPHA(c) TOR_ISALPHA(c)
+#define TOLOWER(c) TOR_TOLOWER(c)
+#define TOUPPER(c) TOR_TOUPPER(c)
#ifndef NDEBUG
static const char *
default_random_bytes_fn(char *buf, size_t n)
{
unsigned i;
- for (i = 0; i < n-1; i += 2) {
+ for (i = 0; i < n; i += 2) {
u16 tid = trans_id_function();
buf[i] = (tid >> 8) & 0xff;
- buf[i+1] = tid & 0xff;
- }
- if (i < n) {
- u16 tid = trans_id_function();
- buf[i] = tid & 0xff;
+ if (i+1<n)
+ buf[i+1] = tid & 0xff;
}
}
(void) flags;
if (!req) return NULL;
+
+ if (name_len >= sizeof(namebuf)) {
+ _free(req);
+ return NULL;
+ }
+
memset(req, 0, sizeof(struct request));
if (global_randomize_case) {
projects / thirdparty / tor.git / commitdiff
