nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.4.1' into maint-0.4.2

Browse Source
This commit is contained in:
Nick Mathewson 2020-03-17 11:45:16 -04:00
commit e15a621ac8
4 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/trove_2020_003 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (onion services v3):
- Fix assertion failure that could result from a corrupted ADD_ONION control
port command. Found by Saibato. Fixes bug 33137; bugfix on
0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.

6
src/feature/hs/hs_client.c
View File

@ -1274,7 +1274,7 @@ hs_client_decode_descriptor(const char *desc_str,
uint8_t subcredential[DIGEST256_LEN];
ed25519_public_key_t blinded_pubkey;
hs_client_service_authorization_t *client_auth = NULL;
curve25519_secret_key_t *client_auht_sk = NULL;
curve25519_secret_key_t *client_auth_sk = NULL;
tor_assert(desc_str);
tor_assert(service_identity_pk);
@ -1283,7 +1283,7 @@ hs_client_decode_descriptor(const char *desc_str,
/* Check if we have a client authorization for this service in the map. */
client_auth = find_client_auth(service_identity_pk);
if (client_auth) {
client_auht_sk = &client_auth->enc_seckey;
client_auth_sk = &client_auth->enc_seckey;
}
/* Create subcredential for this HS so that we can decrypt */
@ -1296,7 +1296,7 @@ hs_client_decode_descriptor(const char *desc_str,
/* Parse descriptor */
ret = hs_desc_decode_descriptor(desc_str, subcredential,
client_auht_sk, desc);
client_auth_sk, desc);
memwipe(subcredential, 0, sizeof(subcredential));
if (ret < 0) {
goto err;

6
src/feature/hs/hs_service.c
View File

@ -3565,6 +3565,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
goto err;
}
if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
ret = RSAE_BADPRIVKEY;
goto err;
}
/* Make sure we have at least one port. */
if (smartlist_len(service->config.ports) == 0) {
log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "

2
src/lib/crypt_ops/crypto_ed25519.c
View File

@ -795,7 +795,7 @@ ed25519_point_is_identity_element(const uint8_t *point)
int
ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
{
uint8_t result[32] = {9};
uint8_t result[32] = {0};
/* First check that we were not given the identity element */
if (ed25519_point_is_identity_element(pubkey->pubkey)) {