From 971e83ef9c284ff82fdeedb7851fed5b3386dd1a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 19 Jan 2011 13:22:50 -0500 Subject: [PATCH] Fix two more SIZE_T_CEILING issues This patch imposes (very long) limits on the length of a line in a directory document, and on the length of a certificate. I don't think it should actually be possible to overrun these remotely, since we already impose a maximum size on any directory object we're downloading, but a little defensive programming never hurt anybody. Roger emailed me that doorss reported these on IRC, but nobody seems to have put them on the bugtracker. --- changes/routerparse_maxima | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changes/routerparse_maxima diff --git a/changes/routerparse_maxima b/changes/routerparse_maxima new file mode 100644 index 0000000000..340f2c3c2d --- /dev/null +++ b/changes/routerparse_maxima @@ -0,0 +1,4 @@ + o Minor bugfixes + - Check for and reject overly long directory certificates and + directory tokens before they have a chance to hit any + assertions. Bugfix on 0.2.1.28. Found by doorss. -- 2.11.4.GIT