Merge remote-tracking branch 'dgoulet/bug19066_029_01'

This commit is contained in:
Nick Mathewson 2016-05-23 10:45:13 -04:00
commit 2a884926c0
2 changed files with 10 additions and 3 deletions

5
changes/bug19066 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (directory authority):
- When parsing detached signature, make sure we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to
avoid comparing bytes out of bound with a smaller digest length such
as SHA1. Fixes #19066; bugfix on tor-0.2.2.6-alpha.

View File

@ -3508,7 +3508,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
digest_algorithm_t alg;
const char *flavor;
const char *hexdigest;
size_t expected_length;
size_t expected_length, digest_length;
tok = _tok;
@ -3533,6 +3533,8 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
expected_length =
(alg == DIGEST_SHA1) ? HEX_DIGEST_LEN : HEX_DIGEST256_LEN;
digest_length =
(alg == DIGEST_SHA1) ? DIGEST_LEN : DIGEST256_LEN;
if (strlen(hexdigest) != expected_length) {
log_warn(LD_DIR, "Wrong length on consensus-digest in detached "
@ -3541,12 +3543,12 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
}
digests = detached_get_digests(sigs, flavor);
tor_assert(digests);
if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
if (!tor_mem_is_zero(digests->d[alg], digest_length)) {
log_warn(LD_DIR, "Multiple digests for %s with %s on detached "
"signatures document", flavor, algname);
continue;
}
if (base16_decode(digests->d[alg], DIGEST256_LEN,
if (base16_decode(digests->d[alg], digest_length,
hexdigest, strlen(hexdigest)) < 0) {
log_warn(LD_DIR, "Bad encoding on consensus-digest in detached "
"networkstatus signatures");