diff options
author | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-15 12:11:00 -0700 |
---|---|---|
committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-15 12:11:00 -0700 |
commit | 459b775a7eb5b26fb73b56c1a0f02548e53c45cc (patch) | |
tree | 185389d8aef33edcdd89d5a7005191cce2d5989c | |
parent | 34da50718a4395936736c32e8cc24876d2f7e10c (diff) | |
download | tor-459b775a7eb5b26fb73b56c1a0f02548e53c45cc.tar.gz tor-459b775a7eb5b26fb73b56c1a0f02548e53c45cc.zip |
hs_pow: fix insufficient length check in pow-params
The descriptor validation table had an out of date minimum length
for pow-params (3) whereas the spec and the current code expect at
least 4 parameters. This was an opportunity for a malicious service
to cause an assert failure in clients which attempted to parse its
descriptor.
Addresses issue #40793
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
-rw-r--r-- | src/feature/hs/hs_descriptor.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c index d07f900e3a..7b519e4c78 100644 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@ -155,7 +155,7 @@ static token_rule_t hs_desc_encrypted_v3_token_table[] = { T01(str_intro_auth_required, R3_INTRO_AUTH_REQUIRED, GE(1), NO_OBJ), T01(str_single_onion, R3_SINGLE_ONION_SERVICE, ARGS, NO_OBJ), T01(str_flow_control, R3_FLOW_CONTROL, GE(2), NO_OBJ), - T01(str_pow_params, R3_POW_PARAMS, GE(3), NO_OBJ), + T01(str_pow_params, R3_POW_PARAMS, GE(4), NO_OBJ), END_OF_TABLE }; |