nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix undefined behavior caused by memory overlap

Browse Source 
The tor_cert_get_checkable_sig function uses the signing key included in
the certificate (if available) when a separate public key is not given.

When the signature is valid, the tor_cert_checksig function copies the
public key from the checkable structure to the public key field of the
certificate signing key.

In situations where the separate public key is not given but the
certificate includes a signing key, the source and destination pointers
in the copy operation are equal and invoke undefined behavior.

Undefined behaviour is avoided by ensuring both pointers are different.
This commit is contained in:
cypherpunks 2015-07-17 11:53:12 +02:00 committed by Nick Mathewson
parent 232ccc18c4
commit be0891667e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/or/torcert.c
View File

@ -206,7 +206,11 @@ tor_cert_checksig(tor_cert_t *cert,
return -1;
} else {
cert->sig_ok = 1;
memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
/* Only copy the checkable public key when it is different from the signing
* key of the certificate to avoid undefined behavior. */
if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
}
cert->cert_valid = 1;
return 0;
}