nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hidden service operators had a bug in version 1 style INTRODUCE cells

Browse Source 
that made them fail. Fix the bug, and revert clients to use version 0
until 0.0.9pre4 is obsolete.


svn:r2641
This commit is contained in:
Roger Dingledine 2004-11-01 21:46:27 +00:00
parent ce79bab7f1
commit b390786582
3 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/or/or.h
View File

@ -128,7 +128,7 @@
#define DEFAULT_BANDWIDTH_OP (1024 * 1000) #define DEFAULT_BANDWIDTH_OP (1024 * 1000)
#define MAX_NICKNAME_LEN 19 #define MAX_NICKNAME_LEN 19
/* Hex digest plus dollar sign. */ /* Hex digest plus dollar sign. */
#define MAX_HEX_NICKNAME_LEN HEX_DIGEST_LEN+1 #define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
#define MAX_DIR_SIZE 500000 #define MAX_DIR_SIZE 500000
#ifdef TOR_PERF #ifdef TOR_PERF

13
src/or/rendclient.c
View File

@ -92,11 +92,20 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
} }
/* write the remaining items into tmp */ /* write the remaining items into tmp */
#if 0 /* switch over when 0.0.9pre4 is obsolete */
tmp[0] = 1; /* version 1 of the cell format */ tmp[0] = 1; /* version 1 of the cell format */
strncpy(tmp+1, rendcirc->build_state->chosen_exit_name, (MAX_HEX_NICKNAME_LEN+1)); /* nul pads */ strncpy(tmp+1, rendcirc->build_state->chosen_exit_name, (MAX_HEX_NICKNAME_LEN+1)); /* nul pads */
memcpy(tmp+1+MAX_HEX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN); memcpy(tmp+1+MAX_HEX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
#else
strncpy(tmp, rendcirc->build_state->chosen_exit_name, (MAX_NICKNAME_LEN+1)); /* nul pads */
memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
#endif
if (crypto_dh_get_public(cpath->handshake_state, if (crypto_dh_get_public(cpath->handshake_state,
#if 0
tmp+1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN, tmp+1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN,
#else
tmp+MAX_NICKNAME_LEN+1+REND_COOKIE_LEN,
#endif
DH_KEY_LEN)<0) { DH_KEY_LEN)<0) {
log_fn(LOG_WARN, "Couldn't extract g^x"); log_fn(LOG_WARN, "Couldn't extract g^x");
goto err; goto err;
@ -105,7 +114,11 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */ * to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, tmp, r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, tmp,
#if 0
1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN, 1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
#else
MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
#endif
payload+DIGEST_LEN, payload+DIGEST_LEN,
PK_PKCS1_OAEP_PADDING, 0); PK_PKCS1_OAEP_PADDING, 0);
if (r<0) { if (r<0) {

3
src/or/rendservice.c
View File

@ -418,8 +418,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
return -1; return -1;
} }
if ((version == 0 && !is_legal_nickname(rp_nickname)) || if ((version == 0 && !is_legal_nickname(rp_nickname)) ||
(version == 1 && !is_legal_nickname_or_hexdigest(rp_nickname)) || (version == 1 && !is_legal_nickname_or_hexdigest(rp_nickname))) {
(int)strspn(buf,LEGAL_NICKNAME_CHARACTERS) != ptr-buf) {
log_fn(LOG_WARN, "Bad nickname in INTRODUCE2 cell."); log_fn(LOG_WARN, "Bad nickname in INTRODUCE2 cell.");
return -1; return -1;
} }