help avoid overflow from len_in + (len_in/n)*len_ins

nick, do you think this does it? if so, we should maybe backport too. svn:r3334
author: Roger Dingledine <arma@torproject.org> 2005-01-10 16:30:51 +0000
committer: Roger Dingledine <arma@torproject.org> 2005-01-10 16:30:51 +0000
commit: 74bc4e5af02a569652a2bf4892117bc44887ad0b (patch)
tree: 692874790345462a214a16698c1c28a6d7a94d13 /src/common/util.c
parent: 4b6d55afdf48761eaa1b64f390adb76a12077541 (diff)
download: tor-74bc4e5af02a569652a2bf4892117bc44887ad0b.tar
tor-74bc4e5af02a569652a2bf4892117bc44887ad0b.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index e4a2889d7..11dbd2b71 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -215,6 +215,8 @@ int tor_strpartition(char *dest, size_t dest_len,
   tor_assert(dest_len < SIZE_T_CEILING);
   len_in = strlen(s);
   len_ins = strlen(insert);
+  tor_assert(len_in < SIZE_T_CEILING);
+  tor_assert(len_in/n < SIZE_T_CEILING/len_ins); /* avoid overflow */
   len_out = len_in + (len_in/n)*len_ins;
   is_even = (len_in%n) == 0;
   switch (rule)
author	Roger Dingledine <arma@torproject.org>	2005-01-10 16:30:51 +0000
committer	Roger Dingledine <arma@torproject.org>	2005-01-10 16:30:51 +0000
commit	74bc4e5af02a569652a2bf4892117bc44887ad0b (patch)
tree	692874790345462a214a16698c1c28a6d7a94d13 /src/common/util.c
parent	4b6d55afdf48761eaa1b64f390adb76a12077541 (diff)
download	tor-74bc4e5af02a569652a2bf4892117bc44887ad0b.tar tor-74bc4e5af02a569652a2bf4892117bc44887ad0b.tar.gz