]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c3f8f5a)
Do not leave empty, invalid chunks in buffers during buf_pullup
authorNick Mathewson <nickm@torproject.org>
Tue, 3 Mar 2015 21:20:17 +0000 (22:20 +0100)
committerNick Mathewson <nickm@torproject.org>
Tue, 3 Mar 2015 21:21:41 +0000 (22:21 +0100)
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.

Patch from 'cypherpunks'

changes/bug15083 [new file with mode: 0644] patch | blob
src/or/buffers.c patch | blob | blame | history

diff --git a/changes/bug15083 b/changes/bug15083
new file mode 100644 (file)
index 0000000..98d1d0e
--- /dev/null
+++ b/changes/bug15083
@@ -0,0 +1,6 @@
+  o Major bugfixes (relay, stability):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed
+      to buf_pullup() at exactly the wrong time. Fixes bug 15083;
+      bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
+   
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 9be0476f6405bf531b0a6c37f189eff04912738c..7976432793a7a5cb86f14712cee455c29b7a39c6 100644 (file)
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -426,7 +426,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
     size_t n = bytes - dest->datalen;
     src = dest->next;
     tor_assert(src);
-    if (n > src->datalen) {
+    if (n >= src->datalen) {
       memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
       dest->datalen += src->datalen;
       dest->next = src->next;
Mirror of https://git.torproject.org/tor.git