From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 18 Apr 2011 20:53:13 +0000 (-0700)
Subject: Correct HS descriptor length check
X-Git-Tag: tor-0.2.2.25-alpha~15^2~3^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=48bdc2f729cba1a22305f6150d230cf0334ebd55;p=thirdparty%2Ftor.git

Correct HS descriptor length check

Fixes bug 2948.
---

diff --git a/changes/bug2948 b/changes/bug2948
new file mode 100644
index 0000000000..640ef625d9
--- /dev/null
+++ b/changes/bug2948
@@ -0,0 +1,7 @@
+  o Minor bugfixes
+    - Only limit the lengths of single HS descriptors, even when
+      multiple HS descriptors are published to an HSDir relay in a
+      single POST operation.  Fixes bug 2948; bugfix on 0.2.1.5-alpha.
+      Found by hsdir.
+
+
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8456a0a02d..dd72eb6bb4 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4638,12 +4638,12 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   else
     eos = eos + 1;
   /* Check length. */
-  if (strlen(desc) > REND_DESC_MAX_SIZE) {
+  if (eos-desc > REND_DESC_MAX_SIZE) {
     /* XXX023 If we are parsing this descriptor as a server, this
      * should be a protocol warning. */
     log_warn(LD_REND, "Descriptor length is %i which exceeds "
              "maximum rendezvous descriptor size of %i bytes.",
-             (int)strlen(desc), REND_DESC_MAX_SIZE);
+             (int)(eos-desc), REND_DESC_MAX_SIZE);
     goto err;
   }
   /* Tokenize descriptor. */