Detect an unlikely integer overflow.

author Nick Mathewson <nickm@torproject.org>

Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)

committer Nick Mathewson <nickm@torproject.org>

Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)
author Nick Mathewson <nickm@torproject.org>
Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)
committer Nick Mathewson <nickm@torproject.org>
Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)
diff --git a/src/feature/stats/geoip_stats.c b/src/feature/stats/geoip_stats.c

index 3e647bd46c09cecf0207ddab2eb56e68436c2cb3..1a4f8ddfb0ae129f019f844b75eed75f1d477f99 100644 (file)
--- a/src/feature/stats/geoip_stats.c
+++ b/src/feature/stats/geoip_stats.c
@@ -265,7 +265,10 @@ geoip_note_client_seen(geoip_client_action_t action,
      int country_idx = geoip_get_country_by_addr(addr);
      if (country_idx < 0)
        country_idx = 0; /** unresolved requests are stored at index 0. */
-    increment_v3_ns_request(country_idx);
+    IF_BUG_ONCE(country_idx > COUNTRY_MAX) {
+      return;
+    }
+    increment_v3_ns_request((country_t) country_idx);
    }
  }
  
diff --git a/src/lib/geoip/country.h b/src/lib/geoip/country.h

index e4ad0752b3a968d80757d3c9f088541845846081..080c15602319f823101b158e9c7b006ac1d89d27 100644 (file)
--- a/src/lib/geoip/country.h
+++ b/src/lib/geoip/country.h
@@ -11,4 +11,6 @@
  /** A signed integer representing a country code. */
  typedef int16_t country_t;
  
+#define COUNTRY_MAX INT16_MAX
+
  #endif
author	Nick Mathewson <nickm@torproject.org>
	Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 27 Sep 2018 20:30:02 +0000 (16:30 -0400)
src/feature/stats/geoip_stats.c		patch \| blob \| blame \| history
src/lib/geoip/country.h		patch \| blob \| blame \| history