mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 05:33:47 +01:00
hs-v3: Code improvement for INTRO2 MAC validation
Pointed by nickm during the review of #32709. Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
02f1caa583
commit
780e498f76
@ -776,6 +776,12 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
|
||||
* in the cell is at the end of the encrypted section. */
|
||||
{
|
||||
uint8_t mac[DIGEST256_LEN];
|
||||
|
||||
/* Make sure we are now about to underflow. */
|
||||
if (encrypted_section_len < sizeof(mac)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* The MAC field is at the very end of the ENCRYPTED section. */
|
||||
size_t mac_offset = encrypted_section_len - sizeof(mac);
|
||||
/* Compute the MAC. Use the entire encoded payload with a length up to the
|
||||
@ -785,7 +791,7 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
|
||||
encrypted_section, encrypted_section_len,
|
||||
intro_keys->mac_key, sizeof(intro_keys->mac_key),
|
||||
mac, sizeof(mac));
|
||||
if (tor_memcmp(mac, encrypted_section + mac_offset, sizeof(mac))) {
|
||||
if (tor_memneq(mac, encrypted_section + mac_offset, sizeof(mac))) {
|
||||
log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell");
|
||||
goto err;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user