aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-01-15 13:25:13 -0500
committerNick Mathewson <nickm@torproject.org>2011-01-15 13:25:13 -0500
commit1393985768d760e11e45faabb537d28248306e8b (patch)
tree61b35b3b734f8a920a08cc9a9ecb70e408cd4a58 /src/or
parent9d133464c874191414dd51f546d09364419040cf (diff)
parentb97b0efec81c5564999c2545dd7f0ca230b239cc (diff)
downloadtor-1393985768d760e11e45faabb537d28248306e8b.tar
tor-1393985768d760e11e45faabb537d28248306e8b.tar.gz
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts: src/or/routerparse.c src/or/test.c
Diffstat (limited to 'src/or')
-rw-r--r--src/or/routerparse.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 66d024ecd..a6eef2df6 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3227,7 +3227,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
}
sig->good_signature = 1;
} else {
- if (tok->object_size >= INT_MAX) {
+ if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
tor_free(sig);
goto err;
}
@@ -3496,7 +3496,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
sig->alg = alg;
memcpy(sig->identity_digest, id_digest, DIGEST_LEN);
memcpy(sig->signing_key_digest, sk_digest, DIGEST_LEN);
- if (tok->object_size >= INT_MAX) {
+ if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
tor_free(sig);
goto err;
}
@@ -3814,6 +3814,10 @@ static directory_token_t *
get_next_token(memarea_t *area,
const char **s, const char *eos, token_rule_t *table)
{
+ /** Reject any object at least this big; it is probably an overflow, an
+ * attack, a bug, or some other nonsense. */
+#define MAX_UNPARSED_OBJECT_SIZE (128*1024)
+
const char *next, *eol, *obstart;
size_t obname_len;
int i;
@@ -3898,7 +3902,8 @@ get_next_token(memarea_t *area,
obstart = *s; /* Set obstart to start of object spec */
if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */
- strcmp_len(eol-5, "-----", 5)) { /* nuls or invalid endings */
+ strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */
+ (eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */
RET_ERR("Malformed object: bad begin line");
}
tok->object_type = STRNDUP(*s+11, eol-*s-16);
@@ -3923,13 +3928,16 @@ get_next_token(memarea_t *area,
ebuf[sizeof(ebuf)-1] = '\0';
RET_ERR(ebuf);
}
+ if (next - *s > MAX_UNPARSED_OBJECT_SIZE)
+ RET_ERR("Couldn't parse object: missing footer or object much too big.");
+
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
tok->key = crypto_new_pk_env();
if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart))
RET_ERR("Couldn't parse public key.");
} else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
tok->key = crypto_new_pk_env();
- if (crypto_pk_read_private_key_from_string(tok->key, obstart))
+ if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
RET_ERR("Couldn't parse private key.");
} else { /* If it's something else, try to base64-decode it */
int r;
generated by cgit v1.2.3 (git 2.25.4) at 2024-09-23 00:23:18 +0000