Correct HS descriptor length check
authorNick Mathewson <nickm@torproject.org>
Mon, 18 Apr 2011 20:53:13 +0000 (13:53 -0700)
committerRobert Ransom <rransom.8774@gmail.com>
Mon, 18 Apr 2011 20:53:13 +0000 (13:53 -0700)
Fixes bug 2948.

changes/bug2948 [new file with mode: 0644]
src/or/routerparse.c

diff --git a/changes/bug2948 b/changes/bug2948
new file mode 100644 (file)
index 0000000..640ef62
--- /dev/null
@@ -0,0 +1,7 @@
+  o Minor bugfixes
+    - Only limit the lengths of single HS descriptors, even when
+      multiple HS descriptors are published to an HSDir relay in a
+      single POST operation.  Fixes bug 2948; bugfix on 0.2.1.5-alpha.
+      Found by hsdir.
+
+
index 8456a0a02d1f68d7c2b49b2ff778401bd390129c..dd72eb6bb4b569879a1868849ca42f45e4edca88 100644 (file)
@@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   else
     eos = eos + 1;
   /* Check length. */
-  if (strlen(desc) > REND_DESC_MAX_SIZE) {
+  if (eos-desc > REND_DESC_MAX_SIZE) {
     /* XXX023 If we are parsing this descriptor as a server, this
      * should be a protocol warning. */
     log_warn(LD_REND, "Descriptor length is %i which exceeds "
              "maximum rendezvous descriptor size of %i bytes.",
-             (int)strlen(desc), REND_DESC_MAX_SIZE);
+             (int)(eos-desc), REND_DESC_MAX_SIZE);
     goto err;
   }
   /* Tokenize descriptor. */
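Review bot: The new check at `if (eos-desc > REND_DESC_MAX_SIZE)` bounds only the descriptor that ends at `eos`, so after this change nothing visible in the hunk limits the total size of a multi-descriptor upload or the number of descriptors in it. That cap has to be enforced by the caller, presumably where the POST body is accepted, and is worth confirming there. The comparison also mixes a `ptrdiff_t` with a macro whose type is not shown, and the log call narrows the difference to `int`. Since `eos` is computed above the hunk, this relies on `eos >= desc` always holding there. I would replace the bare `/* Check length. */` with `/* Check length of this descriptor only (desc..eos); desc may hold further descriptors after eos. */` so the per-descriptor scope is explicit. The body of rend_parse_v2_service_descriptor starts and ends outside the hunk.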