Remove a check in channeltls.c that could never fail.

We were checking whether a 8-bit length field had overflowed a 503-byte buffer. Unless somebody has found a way to store "504" in a single byte, it seems unlikely. Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found by David Fifield with STACK.
author: Nick Mathewson <nickm@torproject.org> 2013-12-09 11:02:34 -0500
committer: Nick Mathewson <nickm@torproject.org> 2013-12-09 11:02:34 -0500
commit: c56bb300447688788cb4c78c0290bc95386e63d9 (patch)
tree: 788c96f383aef9dc6a0730e3807691c33bfcadbe /changes
parent: 7ef2939e5a902c6159227de176622ee9388e34a4 (diff)
download: tor-c56bb300447688788cb4c78c0290bc95386e63d9.tar
tor-c56bb300447688788cb4c78c0290bc95386e63d9.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug10313 b/changes/bug10313
new file mode 100644
index 000000000..b29d4daff
--- /dev/null
+++ b/changes/bug10313
@@ -0,0 +1,8 @@
+  o Minor bugfixes:
+    - Fixed an erroneous pointer comparison that would have allowed
+      compilers to remove a bounds check in channeltls.c. The fix
+      was to remove the check entirely, since it was impossible for
+      the code to overflow the bounds. Noticed by Jared L
+      Wong. Fixes bug 10313 and 9980. Bugfix on 0.2.0.10-alpha.
+
+
author	Nick Mathewson <nickm@torproject.org>	2013-12-09 11:02:34 -0500
committer	Nick Mathewson <nickm@torproject.org>	2013-12-09 11:02:34 -0500
commit	c56bb300447688788cb4c78c0290bc95386e63d9 (patch)
tree	788c96f383aef9dc6a0730e3807691c33bfcadbe /changes
parent	7ef2939e5a902c6159227de176622ee9388e34a4 (diff)
download	tor-c56bb300447688788cb4c78c0290bc95386e63d9.tar tor-c56bb300447688788cb4c78c0290bc95386e63d9.tar.gz