From 0222228d64bf29a3b9db5a80a557e20c3c360224 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 3 Jan 2011 16:16:53 -0500
Subject: [PATCH] Fix up size and sign issues in base32 code

Fixes bug 2331.
---
 changes/bug2331 | 6 ++++++
 src/common/crypto.c | 10 ++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 changes/bug2331

diff --git a/changes/bug2331 b/changes/bug2331
new file mode 100644
index 0000000000..df97ac2b45
--- /dev/null
+++ b/changes/bug2331
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Add assertions to check for overflow in arguments to
+ base32_encode and base32_decode; fix a signed-unsigned
+ comparison there too. These bugs are actually reachable in Tor,
+ but it's good to prevent future errors too. Found by doorss.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 65162618a3..71cf6d43d8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2412,9 +2412,10 @@ digest256_from_base64(char *digest, const char *d64)
 void
 base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
 {
- unsigned int i, bit, v, u;
- size_t nbits = srclen * 8;
+ unsigned int i, v, u;
+ size_t nbits = srclen * 8, bit;
 
+ tor_assert(srclen < SIZE_T_CEILING/8);
 tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
 tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
 tor_assert(destlen < SIZE_T_CEILING);
@@ -2438,11 +2439,12 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
 {
 /* XXXX we might want to rewrite this along the lines of base64_decode, if
 * it ever shows up in the profile. */
- unsigned int i, j, bit;
- size_t nbits;
+ unsigned int i, bit;
+ size_t nbits, j;
 char *tmp;
 
 nbits = srclen * 5;
+ tor_assert(srclen < SIZE_T_CEILING / 5);
 tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
 tor_assert((nbits/8) <= destlen); /* We need enough space. */
 tor_assert(destlen < SIZE_T_CEILING);
-- 
2.11.4.GIT
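Review bot: In base32_encode the new bound `tor_assert(srclen < SIZE_T_CEILING/8);` runs only after `srclen * 8` has already been evaluated in the initializer of `nbits`, so the check follows the multiplication it is meant to guard. Unsigned wrap-around is well defined and nothing reads `nbits` between the two lines, so this is not a defect as written, but a later edit that uses `nbits` earlier would silently get a wrapped value. I would declare `size_t nbits, bit;`, keep the assert first, and assign `nbits = srclen * 8;` after it, with a one-line comment such as `/* Reject lengths whose bit count would overflow. */`. The base32_decode hunk has the same order (`nbits = srclen * 5;` precedes its assert). The function body continues outside this hunk.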
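Review bot: `bit` stays `unsigned int` in base32_decode, although this commit widens it to `size_t` in base32_encode and widens `j` here. The loop that uses `bit` is outside the hunk, but if it compares `bit` against `nbits` (a `size_t`), the signed/width mismatch the commit targets would remain wherever `size_t` is wider than `unsigned int`. Declaring `unsigned int i;` and `size_t nbits, j, bit;` would make the two functions consistent. Separately, the changes/bug2331 entry says the bugs "are actually reachable in Tor, but it's good to prevent future errors too", which reads as if a "not" was dropped; that is worth confirming, because on a reachable path these checks end in an assertion failure rather than a handled error.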