~ubuntu-branches/debian/lenny/tor/lenny


Viewing changes to src/or/circuituse.c

  • Committer: Package Import Robot
  • Author(s): Peter Palfrader
  • Date: 2011-12-15 21:25:18 UTC
  • mfrom: (1.6.1) (6.1.16 sid)
  • Revision ID: package-import@ubuntu.com-20111215212518-4eaqirobd1uhcmxb
Tags: 0.2.1.32-1
New upstream version, fixing a heap overflow bug related to Tor's
SOCKS code (CVE-2011-2778).

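--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -59,7 +59,8 @@
       return 0;
   }
 
-  if (purpose == CIRCUIT_PURPOSE_C_GENERAL)
+  if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
+      purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
     if (circ->timestamp_dirty &&
        circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
       return 0;
@@ -94,7 +95,7 @@
         char digest[DIGEST_LEN];
         if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0)
           return 0; /* broken digest, we don't want it */
-        if (memcmp(digest, build_state->chosen_exit->identity_digest,
+        if (tor_memneq(digest, build_state->chosen_exit->identity_digest,
                           DIGEST_LEN))
           return 0; /* this is a circuit to somewhere else */
         if (tor_digest_is_zero(digest)) {
@@ -1560,14 +1561,21 @@
                  "introduction. (stream %d sec old)",
                  introcirc->_base.n_circ_id, rendcirc->_base.n_circ_id,
                  conn_age);
-        if (rend_client_send_introduction(introcirc, rendcirc) < 0) {
+        switch (rend_client_send_introduction(introcirc, rendcirc)) {
+        case 0: /* success */
+          rendcirc->_base.timestamp_dirty = time(NULL);
+          introcirc->_base.timestamp_dirty = time(NULL);
+          assert_circuit_ok(TO_CIRCUIT(rendcirc));
+          assert_circuit_ok(TO_CIRCUIT(introcirc));
+          return 0;
+        case -1: /* transient error */
+          return 0;
+        case -2: /* permanent error */
+          return -1;
+        default: /* oops */
+          tor_fragile_assert();
           return -1;
         }
-        rendcirc->_base.timestamp_dirty = time(NULL);
-        introcirc->_base.timestamp_dirty = time(NULL);
-        assert_circuit_ok(TO_CIRCUIT(rendcirc));
-        assert_circuit_ok(TO_CIRCUIT(introcirc));
-        return 0;
       }
     }
 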
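Review bot: In the last hunk (new lines 1564–1578), the switch on `rend_client_send_introduction()` dispatches on the bare integers 0, -1 and -2, and the only statement of that contract is the trailing comment on each `case`. A comment above the switch would make the caller's mapping explicit, for example `/* return 0: keep waiting (sent, or transient failure); return -1: give up on this stream */`; that reading is inferred from the case comments and should be confirmed against the callee's header, which is not in view. The `case 0` branch also calls `time(NULL)` twice, so `rendcirc` and `introcirc` can receive different `timestamp_dirty` values across a second boundary. Reading the clock once and assigning the same value to both would keep the pair consistent for the `MaxCircuitDirtiness` check that the first hunk extends to `CIRCUIT_PURPOSE_C_REND_JOINED`. The enclosing function starts and ends outside the hunk.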