Merge remote-tracking branch 'origin/maint-0.2.2'

2024-09-21 13:34:59 +02:00 · 2011-11-07 10:44:02 -05:00 · 2011-11-07 10:44:02 -05:00 · 51f53b590e
commit 51f53b590e
parent 350fe95259 4d8306e0e9
2 changed files with 10 additions and 0 deletions
--- a/changes/bug4410
+++ b/changes/bug4410
@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - Correctly sanity-check that we don't underflow on a memory allocation
+      for introduction point decryption. Bug discovered by Dan Rosenberg.
+      Fixes bug 4410; bugfix on 0.2.1.5-alpha.
+
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -4886,6 +4886,11 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
    crypto_cipher_env_t *cipher;
    char *dec;
    int declen;
+    if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
+      log_warn(LD_REND, "Size of encrypted introduction points is too "
+                        "small.");
+      return -1;
+    }
    dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1);
    cipher = crypto_create_init_cipher(descriptor_cookie, 0);
    declen = crypto_cipher_decrypt_with_iv(cipher, dec,