commit 8625f36de1085cb24e532adb0bb76d3d2b6b5808
parent f26d6ead21015b7ba6f7d72ebfc2ebf29da0863b
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 2 May 2018 08:46:28 -0400
Merge branch 'maint-0.3.3'
Diffstat:
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/changes/bug26007 b/changes/bug26007
@@ -0,0 +1,5 @@
+ o Major bugfixes (directory authorities, security):
+ - When directory authorities read a zero-byte bandwidth file, they log
+ a warning with the contents of an uninitialised buffer. Log a warning
+ about the empty file instead.
+ Fixes bug 26007; bugfix on 0.2.2.1-alpha.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
@@ -2569,14 +2569,23 @@ dirserv_read_measured_bandwidths(const char *from_file,
time_t file_time, now;
int ok;
+ /* Initialise line, so that we can't possibly run off the end. */
+ memset(line, 0, sizeof(line));
+
if (fp == NULL) {
log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
from_file);
return -1;
}
- if (!fgets(line, sizeof(line), fp)
- || !strlen(line) || line[strlen(line)-1] != '\n') {
+ /* If fgets fails, line is either unmodified, or indeterminate. */
+ if (!fgets(line, sizeof(line), fp)) {
+ log_warn(LD_DIRSERV, "Empty bandwidth file");
+ fclose(fp);
+ return -1;
+ }
+
+ if (!strlen(line) || line[strlen(line)-1] != '\n') {
log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
escaped(line));
fclose(fp);
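Review bot: The new `if (!fgets(line, sizeof(line), fp))` branch logs "Empty bandwidth file" for every fgets failure, but fgets also returns NULL on a read error, so an I/O failure would be reported to the authority operator as an empty file, and the message does not name the file. Consider `log_warn(LD_DIRSERV, "%s bandwidth file: %s", ferror(fp) ? "Error reading" : "Empty", from_file);` ahead of the `fclose(fp)`. The diffstat lists only the changes file and dirserv.c, so this commit appears to carry no regression test for the zero-byte case; a test that feeds an empty file and checks for the -1 return would keep the uninitialised-buffer log from coming back. dirserv_read_measured_bandwidths starts before and continues past this hunk, so the declaration of `line` is not visible here.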