diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-01-10 16:44:03 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-01-10 16:44:03 -0500 |
commit | 7fbf1e225e81171e72fdd31a538b55da16b97ab7 (patch) | |
tree | 1ebba6b3d47fed0afb9187b5d5914bbcd2e8b6cc | |
parent | 8d74fba651dfb788568d2236da773ed9fd9b4a39 (diff) | |
parent | d05bc02192b571e57c1568af45165dd7847a2f91 (diff) | |
download | tor-7fbf1e225e81171e72fdd31a538b55da16b97ab7.tar.gz tor-7fbf1e225e81171e72fdd31a538b55da16b97ab7.zip |
Merge remote-tracking branch 'asn-mytor/bug4746'
-rw-r--r-- | src/common/crypto.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 364b6a778c..b1fc5eded8 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1837,7 +1837,10 @@ crypto_store_dynamic_dh_modulus(const char *fname) DH *dh = NULL; unsigned char *dh_string_repr = NULL, *cp = NULL; char *base64_encoded_dh = NULL; + char *file_string = NULL; int retval = -1; + const static char *file_header = "# This file contains stored Diffie-Hellman" + " parameters for future use.\n# You *do not* need to edit this file.\n\n"; tor_assert(fname); @@ -1876,7 +1879,11 @@ crypto_store_dynamic_dh_modulus(const char *fname) goto done; } - if (write_bytes_to_new_file(fname, base64_encoded_dh, new_len, 0) < 0) { + /* concatenate file header and the dh parameters blob */ + tor_asprintf(&file_string, "%s%s", file_header, base64_encoded_dh); + + /* write to file */ + if (write_bytes_to_new_file(fname, file_string, strlen(file_string), 0) < 0) { log_info(LD_CRYPTO, "'%s' was already occupied.", fname); goto done; } @@ -1888,6 +1895,7 @@ crypto_store_dynamic_dh_modulus(const char *fname) DH_free(dh); tor_free(dh_string_repr); tor_free(base64_encoded_dh); + tor_free(file_string); return retval; } @@ -1899,6 +1907,7 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname) { int retval; char *contents = NULL; + const char *contents_tmp = NULL; int dh_codes; char *fname_new = NULL; DH *stored_dh = NULL; @@ -1915,15 +1924,23 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname) goto done; /*usually means that ENOENT. don't try to move file to broken.*/ } + /* skip the file header */ + contents_tmp = eat_whitespace(contents); + if (!*contents_tmp) { + log_warn(LD_CRYPTO, "Stored dynamic DH modulus file " + "seems corrupted (eat_whitespace)."); + goto err; + } + /* 'fname' contains the DH parameters stored in base64-ed DER * format. We are only interested in the DH modulus. * NOTE: We allocate more storage here than we need. Since we're already * doing that, we can also add 1 byte extra to appease Coverity's * scanner. */ - cp = base64_decoded_dh = tor_malloc_zero(strlen(contents) + 1); - length = base64_decode((char *)base64_decoded_dh, strlen(contents), - contents, strlen(contents)); + cp = base64_decoded_dh = tor_malloc_zero(strlen(contents_tmp) + 1); + length = base64_decode((char *)base64_decoded_dh, strlen(contents_tmp), + contents_tmp, strlen(contents_tmp)); if (length < 0) { log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (base64)."); goto err; |