mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-01 08:03:31 +01:00
Resolve task 42: find where 19-char nicknames were getting truncated when read from certs, and fix it. Also audit use of MAX_NICKNAME_LEN; no other badness found, but some docs/code cleaned up a touch.
svn:r3244
This commit is contained in:
parent
59504f4831
commit
fca7ba9777
@ -586,8 +586,10 @@ tor_tls_peer_has_cert(tor_tls *tls)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return the nickname (if any) that the peer connected on <b>tls</b>
|
/** Write the nickname (if any) that the peer connected on <b>tls</b>
|
||||||
* claims to have.
|
* claims to have into the first <b>buflen</b> characters of <b>buf</b>.
|
||||||
|
* Truncate the nickname if it is longer than buflen-1 characters. Always
|
||||||
|
* NUL-terminate. Return 0 on success, -1 on failure.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, size_t buflen)
|
tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, size_t buflen)
|
||||||
|
@ -927,7 +927,7 @@ resolve_my_address(const char *address, uint32_t *addr)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Called when we don't have a nickname set. Try to guess a good
|
/** Called when we don't have a nickname set. Try to guess a good
|
||||||
* nickname based on the hostname, and return it. */
|
* nickname based on the hostname, and return it in a newly allocated string. */
|
||||||
static char *
|
static char *
|
||||||
get_default_nickname(void)
|
get_default_nickname(void)
|
||||||
{
|
{
|
||||||
|
@ -354,7 +354,7 @@ connection_tls_finish_handshake(connection_t *conn) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Okay; the other side is an OR or a post-0.0.8 OP (with a cert). */
|
/* Okay; the other side is an OR or a post-0.0.8 OP (with a cert). */
|
||||||
if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, MAX_NICKNAME_LEN)) {
|
if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, sizeof(nickname))) {
|
||||||
log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
|
log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
|
||||||
conn->address, conn->port);
|
conn->address, conn->port);
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -240,7 +240,8 @@ int init_keys(void) {
|
|||||||
*/
|
*/
|
||||||
char keydir[512];
|
char keydir[512];
|
||||||
char keydir2[512];
|
char keydir2[512];
|
||||||
char fingerprint[FINGERPRINT_LEN+MAX_NICKNAME_LEN+3];
|
char fingerprint[FINGERPRINT_LEN+1];
|
||||||
|
char fingerprint_line[FINGERPRINT_LEN+MAX_NICKNAME_LEN+3];/*nickname fp\n\0 */
|
||||||
char *cp;
|
char *cp;
|
||||||
const char *tmp, *mydesc, *datadir;
|
const char *tmp, *mydesc, *datadir;
|
||||||
crypto_pk_env_t *prkey;
|
crypto_pk_env_t *prkey;
|
||||||
@ -333,16 +334,17 @@ int init_keys(void) {
|
|||||||
/* 5. Dump fingerprint to 'fingerprint' */
|
/* 5. Dump fingerprint to 'fingerprint' */
|
||||||
tor_snprintf(keydir,sizeof(keydir),"%s/fingerprint", datadir);
|
tor_snprintf(keydir,sizeof(keydir),"%s/fingerprint", datadir);
|
||||||
log_fn(LOG_INFO,"Dumping fingerprint to %s...",keydir);
|
log_fn(LOG_INFO,"Dumping fingerprint to %s...",keydir);
|
||||||
tor_assert(strlen(options->Nickname) <= MAX_NICKNAME_LEN);
|
if (crypto_pk_get_fingerprint(get_identity_key(), fingerprint, 1)<0) {
|
||||||
strlcpy(fingerprint, options->Nickname, sizeof(fingerprint));
|
|
||||||
strlcat(fingerprint, " ", sizeof(fingerprint));
|
|
||||||
if (crypto_pk_get_fingerprint(get_identity_key(),
|
|
||||||
fingerprint+strlen(fingerprint), 1)<0) {
|
|
||||||
log_fn(LOG_ERR, "Error computing fingerprint");
|
log_fn(LOG_ERR, "Error computing fingerprint");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
strlcat(fingerprint, "\n", sizeof(fingerprint));
|
tor_assert(strlen(options->Nickname) <= MAX_NICKNAME_LEN);
|
||||||
if (write_str_to_file(keydir, fingerprint, 0))
|
if (tor_snprintf(fingerprint_line, sizeof(fingerprint_line),
|
||||||
|
"%s %s\n",options->Nickname, fingerprint) < 0) {
|
||||||
|
log_fn(LOG_ERR, "Error writing fingerprint line");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (write_str_to_file(keydir, fingerprint_line, 0))
|
||||||
return -1;
|
return -1;
|
||||||
if (!authdir_mode(options))
|
if (!authdir_mode(options))
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -311,8 +311,8 @@ add_nickname_list_to_smartlist(smartlist_t *sl, const char *list, int warn_if_do
|
|||||||
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
|
||||||
|
|
||||||
SMARTLIST_FOREACH(nickname_list, const char *, nick, {
|
SMARTLIST_FOREACH(nickname_list, const char *, nick, {
|
||||||
if (strlen(nick) > MAX_HEX_NICKNAME_LEN) {
|
if (!is_legal_nickname_or_hexdigest(nick)) {
|
||||||
log_fn(LOG_WARN,"Nickname too long; skipping");
|
log_fn(LOG_WARN,"Nickname %s is misformed; skipping", nick);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
router = router_get_by_nickname(nick);
|
router = router_get_by_nickname(nick);
|
||||||
|
@ -340,6 +340,10 @@ router_parse_routerlist_from_directory(const char *str,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* now we know tok->n_args == 1, so it's safe to access tok->args[0] */
|
/* now we know tok->n_args == 1, so it's safe to access tok->args[0] */
|
||||||
|
if (!is_legal_nickname(tok->args[0])) {
|
||||||
|
log_fn(LOG_WARN, "Directory nickname '%s' is misformed", tok->args[0]);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
strlcpy(dirnickname, tok->args[0], sizeof(dirnickname));
|
strlcpy(dirnickname, tok->args[0], sizeof(dirnickname));
|
||||||
|
|
||||||
SMARTLIST_FOREACH(tokens, directory_token_t *, tok, token_free(tok));
|
SMARTLIST_FOREACH(tokens, directory_token_t *, tok, token_free(tok));
|
||||||
|
Loading…
Reference in New Issue
Block a user