From 74bc4e5af02a569652a2bf4892117bc44887ad0b Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 10 Jan 2005 16:30:51 +0000 Subject: help avoid overflow from len_in + (len_in/n)*len_ins nick, do you think this does it? if so, we should maybe backport too. svn:r3334 --- src/common/util.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/common/util.c') diff --git a/src/common/util.c b/src/common/util.c index e4a2889d7..11dbd2b71 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -215,6 +215,8 @@ int tor_strpartition(char *dest, size_t dest_len, tor_assert(dest_len < SIZE_T_CEILING); len_in = strlen(s); len_ins = strlen(insert); + tor_assert(len_in < SIZE_T_CEILING); + tor_assert(len_in/n < SIZE_T_CEILING/len_ins); /* avoid overflow */ len_out = len_in + (len_in/n)*len_ins; is_even = (len_in%n) == 0; switch (rule) -- cgit v1.2.3