nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug in verifying directory signatures with short digests

Browse Source 
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
This commit is contained in:
Nick Mathewson 2011-01-25 17:15:22 -05:00
parent 7a446e6754
commit 71862ed763
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug2409 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes
- Resolve a bug in verifying signatures of directory objects
with digests longer than SHA1. Bugfix on 0.2.2.20-alpha;
fixes bug 2409; found by "piebeer".

2
src/or/routerparse.c
View File

@ -1088,7 +1088,7 @@ check_signature_token(const char *digest,
signed_digest = tor_malloc(keysize);
if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
tok->object_body, tok->object_size)
< DIGEST_LEN) {
< digest_len) {
log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
tor_free(signed_digest);
return -1;