nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

hs-v3: Code improvement for INTRO2 MAC validation

Browse Source 
Pointed by nickm during the review of #32709.

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2020-01-14 12:42:09 -05:00 committed by Nick Mathewson
parent 02f1caa583
commit 780e498f76
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/feature/hs/hs_cell.c
View File

@ -776,6 +776,12 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
* in the cell is at the end of the encrypted section. */ * in the cell is at the end of the encrypted section. */
{ {
uint8_t mac[DIGEST256_LEN]; uint8_t mac[DIGEST256_LEN];
/* Make sure we are now about to underflow. */
if (encrypted_section_len < sizeof(mac)) {
goto err;
}
/* The MAC field is at the very end of the ENCRYPTED section. */ /* The MAC field is at the very end of the ENCRYPTED section. */
size_t mac_offset = encrypted_section_len - sizeof(mac); size_t mac_offset = encrypted_section_len - sizeof(mac);
/* Compute the MAC. Use the entire encoded payload with a length up to the /* Compute the MAC. Use the entire encoded payload with a length up to the
@ -785,7 +791,7 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
encrypted_section, encrypted_section_len, encrypted_section, encrypted_section_len,
intro_keys->mac_key, sizeof(intro_keys->mac_key), intro_keys->mac_key, sizeof(intro_keys->mac_key),
mac, sizeof(mac)); mac, sizeof(mac));
if (tor_memcmp(mac, encrypted_section + mac_offset, sizeof(mac))) { if (tor_memneq(mac, encrypted_section + mac_offset, sizeof(mac))) {
log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell"); log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell");
goto err; goto err;
} }