diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-09-17 09:52:43 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-09-17 10:28:14 -0400 |
| commit | 96d2a21683cdfe25b549e13fa450d4b12fb945b2 (patch) | |
| tree | 64fe4f8b4d134fb9c607754463946dc74606ad4d /changes | |
| parent | 2939cc3ba3afe5ef2c6a273eef18577274e6867b (diff) | |
| download | tor-96d2a21683cdfe25b549e13fa450d4b12fb945b2.tar tor-96d2a21683cdfe25b549e13fa450d4b12fb945b2.tar.gz | |
Avoid sign-extending when computing rend auth type.
Right-shifting negative values has implementation-defined behavior.
On all the platforms we work on right now, the behavior is to
sign-extend the input. That isn't what we wanted in
auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;
Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously.
The broken behavior didn't actually hurt anything, I think, since the
only way to get sign-extension to happen would be to have the top bit
of descriptor_cookie_tmp[16] set, which would make the value of
descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and
0b11111000 (that is, between -1 and -8). So auth_type_val would be
between -7 and 0. And the immediate next line does:
if (auth_type_val < 1 || auth_type_val > 2) {
So the incorrectly computed auth_type_val would be rejected as
invalid, just as a correctly computed auth_type_val would be.
Still, this stuff shouldn't sit around the codebase.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug6861 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/changes/bug6861 b/changes/bug6861 new file mode 100644 index 000000000..1040bd7a3 --- /dev/null +++ b/changes/bug6861 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix handling of rendezvous client authorization types over 8. + Fixes bug 6841; bugfix on 0.2.1.5-alpha. |