Diffstat (limited to 'src')
-rw-r--r--src/common/util.c14
-rw-r--r--src/common/util.h3
-rw-r--r--src/or/routerparse.c13
3 files changed, 27 insertions, 3 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 2f1bc6171..db160fdf0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -281,6 +281,20 @@ tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
return dup;
}
+/** As tor_memdup(), but add an extra 0 byte at the end of the resulting
+ * memory. */
+void *
+tor_memdup_nulterm(const void *mem, size_t len DMALLOC_PARAMS)
+{
+ char *dup;
+ tor_assert(len < SIZE_T_CEILING+1);
+ tor_assert(mem);
+ dup = tor_malloc_(len+1 DMALLOC_FN_ARGS);
+ memcpy(dup, mem, len);
+ dup[len] = '\0';
+ return dup;
+}
+
/** Helper for places that need to take a function pointer to the right
* spelling of "free()". */
void
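Review bot: The new definition is spelled `tor_memdup_nulterm`, but util.h in this same commit declares `tor_memdup_nulterm_` and defines `tor_memdup_nulterm(s, n)` as a function-like macro over it. The definition therefore seems to get its trailing underscore only through macro expansion of its own signature line, which would also append `DMALLOC_ARGS` to the parameter list and presumably fail to compile when USE_DMALLOC is set (those macro bodies are not visible here). Name it directly: `tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)`. The doc comment could also state that `len` excludes the terminator and that embedded NUL bytes are copied as-is, so the result is always `len+1` bytes.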
diff --git a/src/common/util.h b/src/common/util.h
index 712352b03..96a02dd77 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -83,6 +83,8 @@ char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
ATTR_MALLOC ATTR_NONNULL((1));
void *tor_memdup_(const void *mem, size_t len DMALLOC_PARAMS)
ATTR_MALLOC ATTR_NONNULL((1));
+void *tor_memdup_nulterm_(const void *mem, size_t len DMALLOC_PARAMS)
+ ATTR_MALLOC ATTR_NONNULL((1));
void tor_free_(void *mem);
#ifdef USE_DMALLOC
extern int dmalloc_free(const char *file, const int line, void *pnt,
@@ -116,6 +118,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
#define tor_strdup(s) tor_strdup_(s DMALLOC_ARGS)
#define tor_strndup(s, n) tor_strndup_(s, n DMALLOC_ARGS)
#define tor_memdup(s, n) tor_memdup_(s, n DMALLOC_ARGS)
+#define tor_memdup_nulterm(s, n) tor_memdup_nulterm_(s, n DMALLOC_ARGS)
void tor_log_mallinfo(int severity);
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 0eadcc90f..370cf2682 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1494,7 +1494,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
extrainfo = tor_malloc_zero(sizeof(extrainfo_t));
extrainfo->cache_info.is_extrainfo = 1;
if (cache_copy)
- extrainfo->cache_info.signed_descriptor_body = tor_strndup(s, end-s);
+ extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s, end-s);
extrainfo->cache_info.signed_descriptor_len = end-s;
memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
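Review bot: Nothing at this call site records why tor_memdup_nulterm() replaces tor_strndup(), so the change is easy to undo later as a cleanup. tor_strndup() has string semantics, so bytes after an embedded NUL would presumably not be copied, leaving `signed_descriptor_body` inconsistent with the `signed_descriptor_len` and digest stored on the following lines. Suggest a comment above the assignment such as `/* Copy exactly end-s bytes, NULs included, so the body matches signed_descriptor_len and the digest. */`. The same applies to `md->body` and `md->bodylen` in the microdescs_parse_from_string hunk. The enclosing function starts and ends outside this hunk.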
@@ -3921,8 +3921,15 @@ tokenize_string(memarea_t *area,
tor_assert(area);
s = &start;
- if (!end)
+ if (!end) {
end = start+strlen(start);
+ } else {
+ /* it's only meaningful to check for nuls if we got an end-of-string ptr */
+ if (memchr(start, '\0', end-start)) {
+ log_warn(LD_DIR, "parse error: internal NUL character.");
+ return -1;
+ }
+ }
for (i = 0; i < NIL_; ++i)
counts[i] = 0;
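Review bot: The length passed to memchr() is `end-start`, a signed pointer difference converted to size_t, so an `end` that precedes `start` would become a very large scan length. Nothing in this hunk shows that callers guarantee `end >= start`; if that is not already enforced elsewhere, add `tor_assert(end >= start);` as the first statement of the else branch. tokenize_string's body continues outside the hunk.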
@@ -4256,7 +4263,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
md->bodylen = start_of_next_microdesc - cp;
if (copy_body)
- md->body = tor_strndup(cp, md->bodylen);
+ md->body = tor_memdup_nulterm(cp, md->bodylen);
else
md->body = (char*)cp;
md->off = cp - start;