mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 13:13:44 +01:00
Fix TROVE-2020-003.
Given that ed25519 public key validity checks are usually not needed and (so far) they are only necessary for onion addesses in the Tor protocol, we decided to fix this specific bug instance without modifying the rest of the codebase (see below for other fix approaches). In our minimal fix we check that the pubkey in hs_service_add_ephemeral() is valid and error out otherwise.
This commit is contained in:
parent
c940b7cf13
commit
089e57d22f
4
changes/trove_2020_003
Normal file
4
changes/trove_2020_003
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes (onion services v3):
|
||||
- Fix assertion failure that could result from a corrupted ADD_ONION control
|
||||
port command. Found by Saibato. Fixes bug 33137; bugfix on
|
||||
0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.
|
@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
|
||||
log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
|
||||
ret = RSAE_BADPRIVKEY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Make sure we have at least one port. */
|
||||
if (smartlist_len(service->config.ports) == 0) {
|
||||
log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
|
||||
|
Loading…
Reference in New Issue
Block a user