mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 15:23:27 +01:00
Fix a stack-protector warning: don't use a variable-length buffer
Instead, define a maximum size, and enforce it with an assertion.
This commit is contained in:
parent
ed1d630f0e
commit
4d994e7a9c
@ -521,6 +521,11 @@ onion_skin_create(int type,
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This is the maximum value for keys_out_len passed to
|
||||||
|
* onion_skin_server_handshake, plus 16. We can make it bigger if needed:
|
||||||
|
* It just defines how many bytes to stack-allocate. */
|
||||||
|
#define MAX_KEYS_TMP_LEN 128
|
||||||
|
|
||||||
/** Perform the second (server-side) step of a circuit-creation handshake of
|
/** Perform the second (server-side) step of a circuit-creation handshake of
|
||||||
* type <b>type</b>, responding to the client request in <b>onion_skin</b>
|
* type <b>type</b>, responding to the client request in <b>onion_skin</b>
|
||||||
* using the keys in <b>keys</b>. On success, write our response into
|
* using the keys in <b>keys</b>. On success, write our response into
|
||||||
@ -563,7 +568,8 @@ onion_skin_server_handshake(int type,
|
|||||||
return -1;
|
return -1;
|
||||||
{
|
{
|
||||||
size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
|
size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
|
||||||
uint8_t keys_tmp[keys_tmp_len];
|
tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
|
||||||
|
uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
|
||||||
|
|
||||||
if (onion_skin_ntor_server_handshake(
|
if (onion_skin_ntor_server_handshake(
|
||||||
onion_skin, keys->curve25519_key_map,
|
onion_skin, keys->curve25519_key_map,
|
||||||
@ -573,9 +579,10 @@ onion_skin_server_handshake(int type,
|
|||||||
/* no need to memwipe here, since the output will never be used */
|
/* no need to memwipe here, since the output will never be used */
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(keys_out, keys_tmp, keys_out_len);
|
memcpy(keys_out, keys_tmp, keys_out_len);
|
||||||
memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
|
memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
|
||||||
memwipe(keys_tmp, 0, keys_tmp_len);
|
memwipe(keys_tmp, 0, sizeof(keys_tmp));
|
||||||
r = NTOR_REPLY_LEN;
|
r = NTOR_REPLY_LEN;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user