mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
hs_pow: fix insufficient length check in pow-params
The descriptor validation table had an out of date minimum length for pow-params (3) whereas the spec and the current code expect at least 4 parameters. This was an opportunity for a malicious service to cause an assert failure in clients which attempted to parse its descriptor. Addresses issue #40793 Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
This commit is contained in:
parent
34da50718a
commit
459b775a7e
@ -155,7 +155,7 @@ static token_rule_t hs_desc_encrypted_v3_token_table[] = {
|
||||
T01(str_intro_auth_required, R3_INTRO_AUTH_REQUIRED, GE(1), NO_OBJ),
|
||||
T01(str_single_onion, R3_SINGLE_ONION_SERVICE, ARGS, NO_OBJ),
|
||||
T01(str_flow_control, R3_FLOW_CONTROL, GE(2), NO_OBJ),
|
||||
T01(str_pow_params, R3_POW_PARAMS, GE(3), NO_OBJ),
|
||||
T01(str_pow_params, R3_POW_PARAMS, GE(4), NO_OBJ),
|
||||
END_OF_TABLE
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user