From 57154e71aa3b0ff205f2700e97f0ffe4531e1330 Mon Sep 17 00:00:00 2001
From: teor
Date: Sun, 19 Feb 2017 22:38:06 +1100
Subject: [PATCH] Reject Tor versions that contain non-numeric prefixes

strto* and _atoi64 accept +, -, and various whitespace before numeric characters. And permitted whitespace is different between POSIX and Windows. Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
---
 changes/bug21507 | 5 +++++
 src/or/routerparse.c | 2 ++
 2 files changed, 7 insertions(+)
 create mode 100644 changes/bug21507
diff --git a/changes/bug21507 b/changes/bug21507
new file mode 100644
index 000000000..f83e291b6
--- /dev/null
+++ b/changes/bug21507
@@ -0,0 +1,5 @@
+ o Minor bugfixes (voting consistency):
+ - Reject version numbers with non-numeric prefixes (such as +, -, and
+ whitespace). Disallowing whitespace prevents differential version
+ parsing between POSIX-based and Windows platforms.
+ Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 2ee0d2720..521e237be 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -5621,6 +5621,8 @@ tor_version_parse(const char *s, tor_version_t *out)
 #define NUMBER(m) \
 do { \
+ if (!cp || *cp < '0' || *cp > '9') \
+ return -1; \
 out->m = (int)tor_parse_uint64(cp, 10, 0, INT32_MAX, &ok, &eos); \
 if (!ok) \
 return -1; \
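Review bot: The digit guard added at the top of `NUMBER()` has no comment explaining why it is needed; the reason appears only in the commit message, so a later cleanup could remove the check as redundant with the `ok` test below it. I would add above the `#define` something like `/* Require an ASCII digit first: the strto*-style parser would otherwise accept a sign or leading whitespace, and the accepted whitespace differs between POSIX and Windows. */`. Since the aim is that every platform parses a version string the same way, a regression test that puts a `+`, `-` or whitespace prefix on each numeric component would pin this down; the diffstat lists no test file. `tor_version_parse()` and the `NUMBER()` call sites lie outside the hunk, so which components are covered is inferred from the macro alone.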