mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge branch 'maint-0.4.3'
This commit is contained in:
commit
270fe01557
4
changes/trove_2020_003
Normal file
4
changes/trove_2020_003
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes (onion services v3):
|
||||
- Fix assertion failure that could result from a corrupted ADD_ONION control
|
||||
port command. Found by Saibato. Fixes bug 33137; bugfix on
|
||||
0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.
|
@ -1848,7 +1848,7 @@ hs_client_decode_descriptor(const char *desc_str,
|
||||
hs_subcredential_t subcredential;
|
||||
ed25519_public_key_t blinded_pubkey;
|
||||
hs_client_service_authorization_t *client_auth = NULL;
|
||||
curve25519_secret_key_t *client_auht_sk = NULL;
|
||||
curve25519_secret_key_t *client_auth_sk = NULL;
|
||||
|
||||
tor_assert(desc_str);
|
||||
tor_assert(service_identity_pk);
|
||||
@ -1857,7 +1857,7 @@ hs_client_decode_descriptor(const char *desc_str,
|
||||
/* Check if we have a client authorization for this service in the map. */
|
||||
client_auth = find_client_auth(service_identity_pk);
|
||||
if (client_auth) {
|
||||
client_auht_sk = &client_auth->enc_seckey;
|
||||
client_auth_sk = &client_auth->enc_seckey;
|
||||
}
|
||||
|
||||
/* Create subcredential for this HS so that we can decrypt */
|
||||
@ -1870,7 +1870,7 @@ hs_client_decode_descriptor(const char *desc_str,
|
||||
|
||||
/* Parse descriptor */
|
||||
ret = hs_desc_decode_descriptor(desc_str, &subcredential,
|
||||
client_auht_sk, desc);
|
||||
client_auth_sk, desc);
|
||||
memwipe(&subcredential, 0, sizeof(subcredential));
|
||||
if (ret != HS_DESC_DECODE_OK) {
|
||||
goto err;
|
||||
|
@ -3661,6 +3661,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
|
||||
log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
|
||||
ret = RSAE_BADPRIVKEY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Make sure we have at least one port. */
|
||||
if (smartlist_len(service->config.ports) == 0) {
|
||||
log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
|
||||
|
@ -795,7 +795,7 @@ ed25519_point_is_identity_element(const uint8_t *point)
|
||||
int
|
||||
ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
|
||||
{
|
||||
uint8_t result[32] = {9};
|
||||
uint8_t result[32] = {0};
|
||||
|
||||
/* First check that we were not given the identity element */
|
||||
if (ed25519_point_is_identity_element(pubkey->pubkey)) {
|
||||
|
Loading…
Reference in New Issue
Block a user