commit a5ed62f96cafa1be251f9a7b4aafa519de4c2645
parent a08e6e711fbcd6a12818f1fe14739fc0e870434d
Author: Nick Mathewson <nickm@torproject.org>
Date: Fri, 7 Sep 2018 08:44:39 -0400
Merge branch 'maint-0.2.9' into maint-0.3.2
Diffstat:
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/changes/bug27463 b/changes/bug27463
@@ -0,0 +1,3 @@
+ o Minor bugfixes (onion services):
+ - Silence a spurious compiler warning in rend_client_send_introduction().
+ Fixes bug 27463; bugfix on 0.1.1.2-alpha.
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
@@ -238,6 +238,15 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
} else {
/* Version 0. */
+
+ /* Some compilers are smart enough to work out that nickname can be more
+ * than 19 characters, when it's a hexdigest. They warn that strncpy()
+ * will truncate hexdigests without NUL-terminating them. But we only put
+ * hexdigests in HSDir and general circuit exits. */
+ if (BUG(strlen(rendcirc->build_state->chosen_exit->nickname)
+ > MAX_NICKNAME_LEN)) {
+ goto perm_err;
+ }
strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
(MAX_NICKNAME_LEN+1)); /* nul pads */
memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
