diff --git a/changes/bug19066 b/changes/bug19066 new file mode 100644 index 0000000000..c3d1fc789a --- /dev/null +++ b/changes/bug19066 @@ -0,0 +1,5 @@ + o Minor bugfixes (directory authority): + - When parsing detached signature, make sure we use the length of the + digest algorithm instead of an hardcoded DIGEST256_LEN in order to + avoid comparing bytes out of bound with a smaller digest length such + as SHA1. Fixes #19066; bugfix on tor-0.2.2.6-alpha. diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 95c241d10d..42b05835ad 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -3508,7 +3508,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos) digest_algorithm_t alg; const char *flavor; const char *hexdigest; - size_t expected_length; + size_t expected_length, digest_length; tok = _tok; @@ -3533,6 +3533,8 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos) expected_length = (alg == DIGEST_SHA1) ? HEX_DIGEST_LEN : HEX_DIGEST256_LEN; + digest_length = + (alg == DIGEST_SHA1) ? DIGEST_LEN : DIGEST256_LEN; if (strlen(hexdigest) != expected_length) { log_warn(LD_DIR, "Wrong length on consensus-digest in detached " @@ -3541,12 +3543,12 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos) } digests = detached_get_digests(sigs, flavor); tor_assert(digests); - if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) { + if (!tor_mem_is_zero(digests->d[alg], digest_length)) { log_warn(LD_DIR, "Multiple digests for %s with %s on detached " "signatures document", flavor, algname); continue; } - if (base16_decode(digests->d[alg], DIGEST256_LEN, + if (base16_decode(digests->d[alg], digest_length, hexdigest, strlen(hexdigest)) < 0) { log_warn(LD_DIR, "Bad encoding on consensus-digest in detached " "networkstatus signatures");