Fix a possible negative shift in address comparison. May fix bug 845 and bug 811

author Nick Mathewson <nickm@torproject.org>

Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)

committer Nick Mathewson <nickm@torproject.org>

Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)
author Nick Mathewson <nickm@torproject.org>
Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)
committer Nick Mathewson <nickm@torproject.org>
Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)
diff --git a/ChangeLog b/ChangeLog

index f854b76fa8f1640a4c0b2c882e28dd10baf5384e..823dba958b1d464f7db8eba18f50e22470f949ab 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,8 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx
        prevent possible guess-the-streamid injection attacks from
        intermediate hops.  Fixes another case of bug 446. Based on patch
        from rovv.
+    - Avoid using a negative right-shift when comparing 32-bit
+      addresses.  Possible fix for bug 845 and bug 811.
  
  
  Changes in version 0.2.1.6-alpha - 2008-09-30
diff --git a/src/common/address.c b/src/common/address.c

index 2a2924a75612a0cfdaddcd8202282f5f649ea0c6..d6b64828c185242e74d995a9d3f94049d8fb3e57 100644 (file)
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -686,6 +686,8 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
        case AF_INET: {
          uint32_t a1 = ntohl(addr1->addr.in_addr.s_addr);
          uint32_t a2 = ntohl(addr2->addr.in_addr.s_addr);
+        if (mbits > 32)
+          mbits = 32;
          a1 >>= (32-mbits);
          a2 >>= (32-mbits);
          return (a1 < a2) ? -1 : (a1 == a2) ? 0 : 1;
author	Nick Mathewson <nickm@torproject.org>
	Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)
committer	Nick Mathewson <nickm@torproject.org>
	Wed, 29 Oct 2008 13:29:54 +0000 (13:29 +0000)
ChangeLog		patch \| blob \| blame \| history
src/common/address.c		patch \| blob \| blame \| history