commit 16199a54a2b3f5ce94c6ca4248cbf44448ba95ae
parent 94a79981580d6260597f799bc1a163c8e6f07acd
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 17 Dec 2018 09:14:16 -0500
Check hostname before using it in send_resolved_hostname_cell()
Also, turn an absent hostname into a BUG(), not a crash.
Found by scan-build.
Closes ticket 28879; bugfix on 0.1.2.7-alpha
Diffstat:
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/changes/ticket28879 b/changes/ticket28879
@@ -0,0 +1,5 @@
+ o Minor bugfixes (correctness):
+ - Fix an unreached code-path where we checked the value of "hostname"
+ inside send_resolved_hostnam_cell(). Previously, we used it before
+ checking it; now we check it first. Fixes bug 28879; bugfix on
+ 0.1.2.7-alpha.
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
@@ -586,8 +586,11 @@ send_resolved_hostname_cell,(edge_connection_t *conn,
char buf[RELAY_PAYLOAD_SIZE];
size_t buflen;
uint32_t ttl;
+
+ if (BUG(!hostname))
+ return;
+
size_t namelen = strlen(hostname);
- tor_assert(hostname);
tor_assert(namelen < 256);
ttl = dns_clip_ttl(conn->address_ttl);
