
commit 0ea2e15d84c375a36b9f6a471b21ca6537f78fc3
parent 45c1a36acb0c859d647014d2d41b8497ecebcc14
Author: David Goulet <dgoulet@torproject.org>
Date:   Wed, 22 Nov 2023 15:01:03 +0000

Merge branch 'did-sanity-memmem' into 'main'

add sanity check in tor_memmem

Closes #40854

See merge request tpo/core/tor!785
Diffstat:
Achanges/ticket40854 | 3+++
Msrc/lib/string/util_string.c | 2++
2 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/changes/ticket40854 b/changes/ticket40854
@@ -0,0 +1,3 @@
+ o Minor feature (defense in depth):
+ - verify needle is smaller than haystack before calling memmem.
+ Closes ticket 40854.
diff --git a/src/lib/string/util_string.c b/src/lib/string/util_string.c
@@ -31,6 +31,8 @@ tor_memmem(const void *_haystack, size_t hlen,
 {
 #if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2)
 raw_assert(nlen);
+ if (nlen > hlen)
+ return NULL;
 return memmem(_haystack, hlen, _needle, nlen);
 #else
 /* This isn't as fast as the GLIBC implementation, but it doesn't need to
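Review bot: The new `nlen > hlen` guard sits only inside the `HAVE_MEMMEM` branch, and the fallback implementation after `#else` continues outside this hunk, so it is worth confirming that path rejects an oversized needle the same way; otherwise the two builds can disagree on the same input. The added lines carry no comment saying why they exist, and a line such as `/* Defense in depth: never hand memmem() a needle longer than the haystack. */` would keep a later cleanup from dropping them as redundant with libc. The diffstat shows no test change, so a regression case along the lines of `tt_ptr_op(NULL, OP_EQ, tor_memmem("ab", 2, "abc", 3));` would pin the behaviour with and without a native memmem. The changelog says "smaller than" while the code still allows `nlen == hlen`, which is the correct behaviour, so "no larger than" would describe it more accurately.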