Fix a bug in parsing HashedControlPassword.
svn:r3143
parent
6cc7d32afc
commit
1e71b83890
@ -1402,9 +1402,7 @@ options_validate(or_options_t *options)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (options->HashedControlPassword) {
|
if (options->HashedControlPassword) {
|
||||||
char buf[S2K_SPECIFIER_LEN+DIGEST_LEN];
|
if (decode_hashed_password(NULL, options->HashedControlPassword)<0) {
|
||||||
if (base64_decode(buf,sizeof(buf),options->HashedControlPassword,
|
|
||||||
strlen(options->HashedControlPassword)!=sizeof(buf))) {
|
|
||||||
log_fn(LOG_WARN,"Bad HashedControlPassword: wrong length or bad base64");
|
log_fn(LOG_WARN,"Bad HashedControlPassword: wrong length or bad base64");
|
||||||
result = -1;
|
result = -1;
|
||||||
}
|
}
|
||||||
|
@ -324,6 +324,31 @@ handle_control_setevents(connection_t *conn, uint16_t len, const char *body)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Decode the hashed, base64'd password stored in <b>hashed</b>. If
|
||||||
|
* <b>buf</b> is provided, store the hashed password in the first
|
||||||
|
* S2K_SPECIFIER_LEN+DIGEST_LEN bytes of <b>buf</b>. Return 0 on
|
||||||
|
* success, -1 on failure.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
decode_hashed_password(char *buf, const char *hashed)
|
||||||
|
{
|
||||||
|
size_t len = strlen(hashed)+2;
|
||||||
|
char *base64 = tor_malloc(len);
|
||||||
|
char decoded[64];
|
||||||
|
int r;
|
||||||
|
if (tor_snprintf(base64, len, "%s\n", hashed)<0)
|
||||||
|
return -1;
|
||||||
|
if ((r = base64_decode(decoded, sizeof(decoded),
|
||||||
|
base64, strlen(base64))) !=
|
||||||
|
S2K_SPECIFIER_LEN+DIGEST_LEN) {
|
||||||
|
printf("BB %d\n",r);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (buf)
|
||||||
|
memcpy(buf, decoded, sizeof(decoded));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** Called when we get an AUTHENTICATE message. Check whether the
|
/** Called when we get an AUTHENTICATE message. Check whether the
|
||||||
* authentication is valid, and if so, update the connection's state to
|
* authentication is valid, and if so, update the connection's state to
|
||||||
* OPEN. Reply with DONE or ERROR.
|
* OPEN. Reply with DONE or ERROR.
|
||||||
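Review bot: The `memcpy(buf, decoded, sizeof(decoded))` at the end of decode_hashed_password copies all 64 bytes of `decoded`, while the doc comment promises only the first S2K_SPECIFIER_LEN+DIGEST_LEN bytes and the caller changed in handle_control_authenticate passes `expected[S2K_SPECIFIER_LEN+DIGEST_LEN]`; unless that sum happens to be 64, every successful decode writes past the caller's stack buffer. The copy length should be the length that was just validated, S2K_SPECIFIER_LEN+DIGEST_LEN. The `base64` buffer obtained from tor_malloc is also never released on any return path, and `printf("BB %d\n",r)` looks like leftover debugging that writes to stdout rather than the log. The rewritten lines below cover all three points.

```c
decode_hashed_password(char *buf, const char *hashed)
{
  /* … unchanged: len, base64, decoded and r declarations … */
  if (tor_snprintf(base64, len, "%s\n", hashed)<0) {
    tor_free(base64);
    return -1;
  }
  r = base64_decode(decoded, sizeof(decoded), base64, strlen(base64));
  tor_free(base64);
  if (r != S2K_SPECIFIER_LEN+DIGEST_LEN)
    return -1;
  if (buf)
    memcpy(buf, decoded, S2K_SPECIFIER_LEN+DIGEST_LEN);
  return 0;
}
```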
@ -340,9 +365,7 @@ handle_control_authenticate(connection_t *conn, uint16_t len, const char *body)
|
|||||||
} else if (options->HashedControlPassword) {
|
} else if (options->HashedControlPassword) {
|
||||||
char expected[S2K_SPECIFIER_LEN+DIGEST_LEN];
|
char expected[S2K_SPECIFIER_LEN+DIGEST_LEN];
|
||||||
char received[DIGEST_LEN];
|
char received[DIGEST_LEN];
|
||||||
if (base64_decode(expected,sizeof(expected),
|
if (decode_hashed_password(expected, options->HashedControlPassword)<0) {
|
||||||
options->HashedControlPassword,
|
|
||||||
strlen(options->HashedControlPassword))<0) {
|
|
||||||
log_fn(LOG_WARN,"Couldn't decode HashedControlPassword: invalid base64");
|
log_fn(LOG_WARN,"Couldn't decode HashedControlPassword: invalid base64");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
@ -1294,6 +1294,7 @@ int control_event_bandwidth_used(uint32_t n_read, uint32_t n_written);
|
|||||||
void control_event_logmsg(int severity, const char *msg);
|
void control_event_logmsg(int severity, const char *msg);
|
||||||
|
|
||||||
int init_cookie_authentication(int enabled);
|
int init_cookie_authentication(int enabled);
|
||||||
|
int decode_hashed_password(char *buf, const char *hashed);
|
||||||
|
|
||||||
/********************************* cpuworker.c *****************************/
|
/********************************* cpuworker.c *****************************/
|
||||||
|
|
||||||
|