mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest length, but longer than 20 bytes, we would accept it as long enough.... and then immediately fail when we want to check it. Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
This commit is contained in:
parent
7a446e6754
commit
71862ed763
4
changes/bug2409
Normal file
4
changes/bug2409
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes
|
||||
- Resolve a bug in verifying signatures of directory objects
|
||||
with digests longer than SHA1. Bugfix on 0.2.2.20-alpha;
|
||||
fixes bug 2409; found by "piebeer".
|
@ -1088,7 +1088,7 @@ check_signature_token(const char *digest,
|
||||
signed_digest = tor_malloc(keysize);
|
||||
if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
|
||||
tok->object_body, tok->object_size)
|
||||
< DIGEST_LEN) {
|
||||
< digest_len) {
|
||||
log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
|
||||
tor_free(signed_digest);
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user