nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Properly handle non-terminated strings

Browse Source 
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.
This commit is contained in:
Sebastian Hahn 2010-02-25 10:31:36 +01:00
parent 86828e2004
commit b67657bd95
5 changed files with 31 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -9,6 +9,8 @@ Changes in version 0.2.1.25 - 2010-??-??
fixes bug 1255. fixes bug 1255.
- Fix another dereference-then-NULL-check sequence. Bugfix on - Fix another dereference-then-NULL-check sequence. Bugfix on
0.2.1.14-rc. Discovered by ekir, fixes bug 1256. 0.2.1.14-rc. Discovered by ekir, fixes bug 1256.
- Make sure we treat potentially not NUL-terminated strings correctly.
Bugfix on 0.1.1.13-alpha. Discovered by rieo, fixes bug 1257.
Changes in version 0.2.1.24 - 2010-02-21 Changes in version 0.2.1.24 - 2010-02-21
Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time

2
src/or/or.h
View File

@ -4566,7 +4566,7 @@ typedef struct tor_version_t {
int svn_revision; int svn_revision;
} tor_version_t; } tor_version_t;
int router_get_router_hash(const char *s, char *digest); int router_get_router_hash(const char *s, size_t s_len, char *digest);
int router_get_dir_hash(const char *s, char *digest); int router_get_dir_hash(const char *s, char *digest);
int router_get_runningrouters_hash(const char *s, char *digest); int router_get_runningrouters_hash(const char *s, char *digest);
int router_get_networkstatus_v2_hash(const char *s, char *digest); int router_get_networkstatus_v2_hash(const char *s, char *digest);

3
src/or/router.c
View File

@ -1418,6 +1418,7 @@ router_rebuild_descriptor(int force)
ei->cache_info.send_unencrypted = 1; ei->cache_info.send_unencrypted = 1;
router_get_router_hash(ri->cache_info.signed_descriptor_body, router_get_router_hash(ri->cache_info.signed_descriptor_body,
strlen(ri->cache_info.signed_descriptor_body),
ri->cache_info.signed_descriptor_digest); ri->cache_info.signed_descriptor_digest);
routerinfo_set_country(ri); routerinfo_set_country(ri);
@ -1784,7 +1785,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
strlcpy(s+written, "router-signature\n", maxlen-written); strlcpy(s+written, "router-signature\n", maxlen-written);
written += strlen(s+written); written += strlen(s+written);
s[written] = '\0'; s[written] = '\0';
if (router_get_router_hash(s, digest) < 0) { if (router_get_router_hash(s, strlen(s), digest) < 0) {
return -1; return -1;
} }

2
src/or/routerlist.c
View File

@ -577,8 +577,6 @@ signed_desc_append_to_journal(signed_descriptor_t *desc,
const char *body = signed_descriptor_get_body_impl(desc,1); const char *body = signed_descriptor_get_body_impl(desc,1);
size_t len = desc->signed_descriptor_len + desc->annotations_len; size_t len = desc->signed_descriptor_len + desc->annotations_len;
tor_assert(len == strlen(body));
if (append_bytes_to_file(fname, body, len, 1)) { if (append_bytes_to_file(fname, body, len, 1)) {
log_warn(LD_FS, "Unable to store router descriptor"); log_warn(LD_FS, "Unable to store router descriptor");
tor_free(fname); tor_free(fname);

45
src/or/routerparse.c
View File

@ -451,9 +451,10 @@ static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
static addr_policy_t *router_parse_addr_policy(directory_token_t *tok); static addr_policy_t *router_parse_addr_policy(directory_token_t *tok);
static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok); static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok);
static int router_get_hash_impl(const char *s, char *digest, static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
const char *start_str, const char *end_str, const char *start_str, const char *end_str,
char end_char); char end_char);
static void token_free(directory_token_t *tok); static void token_free(directory_token_t *tok);
static smartlist_t *find_all_exitpolicy(smartlist_t *s); static smartlist_t *find_all_exitpolicy(smartlist_t *s);
static directory_token_t *_find_by_keyword(smartlist_t *s, static directory_token_t *_find_by_keyword(smartlist_t *s,
@ -504,7 +505,7 @@ static int tor_version_same_series(tor_version_t *a, tor_version_t *b);
int int
router_get_dir_hash(const char *s, char *digest) router_get_dir_hash(const char *s, char *digest)
{ {
return router_get_hash_impl(s,digest, return router_get_hash_impl(s, strlen(s), digest,
"signed-directory","\ndirectory-signature",'\n'); "signed-directory","\ndirectory-signature",'\n');
} }
@ -512,9 +513,9 @@ router_get_dir_hash(const char *s, char *digest)
* <b>s</b>. Return 0 on success, -1 on failure. * <b>s</b>. Return 0 on success, -1 on failure.
*/ */
int int
router_get_router_hash(const char *s, char *digest) router_get_router_hash(const char *s, size_t s_len, char *digest)
{ {
return router_get_hash_impl(s,digest, return router_get_hash_impl(s, s_len, digest,
"router ","\nrouter-signature", '\n'); "router ","\nrouter-signature", '\n');
} }
@ -524,7 +525,7 @@ router_get_router_hash(const char *s, char *digest)
int int
router_get_runningrouters_hash(const char *s, char *digest) router_get_runningrouters_hash(const char *s, char *digest)
{ {
return router_get_hash_impl(s,digest, return router_get_hash_impl(s, strlen(s), digest,
"network-status","\ndirectory-signature", '\n'); "network-status","\ndirectory-signature", '\n');
} }
@ -533,7 +534,7 @@ router_get_runningrouters_hash(const char *s, char *digest)
int int
router_get_networkstatus_v2_hash(const char *s, char *digest) router_get_networkstatus_v2_hash(const char *s, char *digest)
{ {
return router_get_hash_impl(s,digest, return router_get_hash_impl(s, strlen(s), digest,
"network-status-version","\ndirectory-signature", "network-status-version","\ndirectory-signature",
'\n'); '\n');
} }
@ -543,8 +544,9 @@ router_get_networkstatus_v2_hash(const char *s, char *digest)
int int
router_get_networkstatus_v3_hash(const char *s, char *digest) router_get_networkstatus_v3_hash(const char *s, char *digest)
{ {
return router_get_hash_impl(s,digest, return router_get_hash_impl(s, strlen(s), digest,
"network-status-version","\ndirectory-signature", "network-status-version",
"\ndirectory-signature",
' '); ' ');
} }
@ -553,7 +555,8 @@ router_get_networkstatus_v3_hash(const char *s, char *digest)
int int
router_get_extrainfo_hash(const char *s, char *digest) router_get_extrainfo_hash(const char *s, char *digest)
{ {
return router_get_hash_impl(s,digest,"extra-info","\nrouter-signature",'\n'); return router_get_hash_impl(s, strlen(s), digest, "extra-info",
"\nrouter-signature",'\n');
} }
/** Helper: used to generate signatures for routers, directories and /** Helper: used to generate signatures for routers, directories and
@ -1118,6 +1121,8 @@ dump_distinct_digest_count(int severity)
* s through end into the signed_descriptor_body of the resulting * s through end into the signed_descriptor_body of the resulting
* routerinfo_t. * routerinfo_t.
* *
* If <b>end</b> is NULL, <b>s</b> must be properly NULL-terminated.
*
* If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b> * If <b>allow_annotations</b>, it's okay to encounter annotations in <b>s</b>
* before the router; if it's false, reject the router if it's annotated. If * before the router; if it's false, reject the router if it's annotated. If
* <b>prepend_annotations</b> is set, it should contain some annotations: * <b>prepend_annotations</b> is set, it should contain some annotations:
@ -1180,7 +1185,7 @@ router_parse_entry_from_string(const char *s, const char *end,
} }
} }
if (router_get_router_hash(s, digest) < 0) { if (router_get_router_hash(s, end - s, digest) < 0) {
log_warn(LD_DIR, "Couldn't compute router hash."); log_warn(LD_DIR, "Couldn't compute router hash.");
goto err; goto err;
} }
@ -1600,7 +1605,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
log_warn(LD_DIR, "Error tokenizing key certificate"); log_warn(LD_DIR, "Error tokenizing key certificate");
goto err; goto err;
} }
if (router_get_hash_impl(s, digest, "dir-key-certificate-version", if (router_get_hash_impl(s, strlen(s), digest, "dir-key-certificate-version",
"\ndir-key-certification", '\n') < 0) "\ndir-key-certification", '\n') < 0)
goto err; goto err;
tok = smartlist_get(tokens, 0); tok = smartlist_get(tokens, 0);
@ -2159,6 +2164,7 @@ networkstatus_v2_parse_from_string(const char *s)
return ns; return ns;
} }
/** Parse a v3 networkstatus vote, opinion, or consensus (depending on /** Parse a v3 networkstatus vote, opinion, or consensus (depending on
* ns_type), from <b>s</b>, and return the result. Return NULL on failure. */ * ns_type), from <b>s</b>, and return the result. Return NULL on failure. */
networkstatus_t * networkstatus_t *
@ -3295,12 +3301,12 @@ find_all_exitpolicy(smartlist_t *s)
* If no such substring exists, return -1. * If no such substring exists, return -1.
*/ */
static int static int
router_get_hash_impl(const char *s, char *digest, router_get_hash_impl(const char *s, size_t s_len, char *digest,
const char *start_str, const char *start_str,
const char *end_str, char end_c) const char *end_str, char end_c)
{ {
char *start, *end; const char *start, *end;
start = strstr(s, start_str); start = tor_memstr(s, s_len, start_str);
if (!start) { if (!start) {
log_warn(LD_DIR,"couldn't find start of hashed material \"%s\"",start_str); log_warn(LD_DIR,"couldn't find start of hashed material \"%s\"",start_str);
return -1; return -1;
@ -3311,12 +3317,13 @@ router_get_hash_impl(const char *s, char *digest,
start_str); start_str);
return -1; return -1;
} }
end = strstr(start+strlen(start_str), end_str); end = tor_memstr(start+strlen(start_str),
s_len - (start-s) - strlen(start_str), end_str);
if (!end) { if (!end) {
log_warn(LD_DIR,"couldn't find end of hashed material \"%s\"",end_str); log_warn(LD_DIR,"couldn't find end of hashed material \"%s\"",end_str);
return -1; return -1;
} }
end = strchr(end+strlen(end_str), end_c); end = memchr(end+strlen(end_str), end_c, s_len - (end-s) - strlen(end_str));
if (!end) { if (!end) {
log_warn(LD_DIR,"couldn't find EOL"); log_warn(LD_DIR,"couldn't find EOL");
return -1; return -1;
@ -3564,7 +3571,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
goto err; goto err;
} }
/* Compute descriptor hash for later validation. */ /* Compute descriptor hash for later validation. */
if (router_get_hash_impl(desc, desc_hash, if (router_get_hash_impl(desc, strlen(desc), desc_hash,
"rendezvous-service-descriptor ", "rendezvous-service-descriptor ",
"\nsignature", '\n') < 0) { "\nsignature", '\n') < 0) {
log_warn(LD_REND, "Couldn't compute descriptor hash."); log_warn(LD_REND, "Couldn't compute descriptor hash.");