From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 19 Jan 2011 18:22:50 +0000 (-0500)
Subject: Fix two more SIZE_T_CEILING issues
X-Git-Tag: tor-0.2.2.22-alpha~4^2~2^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=971e83ef9c284ff82fdeedb7851fed5b3386dd1a;p=thirdparty%2Ftor.git

Fix two more SIZE_T_CEILING issues

This patch imposes (very long) limits on the length of a line in a
directory document, and on the length of a certificate.  I don't
think it should actually be possible to overrun these remotely,
since we already impose a maximum size on any directory object we're
downloading, but a little defensive programming never hurt anybody.

Roger emailed me that doorss reported these on IRC, but nobody seems
to have put them on the bugtracker.
---

diff --git a/changes/routerparse_maxima b/changes/routerparse_maxima
new file mode 100644
index 0000000000..340f2c3c2d
--- /dev/null
+++ b/changes/routerparse_maxima
@@ -0,0 +1,4 @@
+  o Minor bugfixes
+    - Check for and reject overly long directory certificates and
+      directory tokens before they have a chance to hit any
+      assertions. Bugfix on 0.2.1.28. Found by doorss.