diff options
| author | Nick Mathewson <nickm@torproject.org> | 2021-09-14 14:19:22 -0400 |
|---|---|---|
| committer | Mike Perry <mikeperry-git@torproject.org> | 2022-02-22 19:28:33 +0000 |
| commit | 358ce9a19d522d1e1cf9a119850e924ca106fec5 (patch) | |
| tree | a2a6740270dc16796bf317d7ff5cf548734e595a /src/core/crypto | |
| parent | d057f45c6c446023eb368e8dab6b0d0a9d1c0d1d (diff) | |
| download | tor-358ce9a19d522d1e1cf9a119850e924ca106fec5.tar.gz tor-358ce9a19d522d1e1cf9a119850e924ca106fec5.zip | |
Add a size argument for the buffer on onion handshake functions
Diffstat (limited to 'src/core/crypto')
| -rw-r--r-- | src/core/crypto/onion_crypto.c | 19 | ||||
| -rw-r--r-- | src/core/crypto/onion_crypto.h | 4 |
2 files changed, 19 insertions, 4 deletions
diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c index f85ee2c82b..66c21bf655 100644 --- a/src/core/crypto/onion_crypto.c +++ b/src/core/crypto/onion_crypto.c @@ -103,19 +103,23 @@ onion_handshake_state_release(onion_handshake_state_t *state) /** Perform the first step of a circuit-creation handshake of type <b>type</b> * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in - * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>. + * <b>onion_skin_out</b> with length of up to <b>onion_skin_out_maxlen</b>, + * and store any state information in <b>state_out</b>. * Return -1 on failure, and the length of the onionskin on acceptance. */ int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, - uint8_t *onion_skin_out) + uint8_t *onion_skin_out, + size_t onion_skin_out_maxlen) { int r = -1; switch (type) { case ONION_HANDSHAKE_TYPE_TAP: + if (onion_skin_out_maxlen < TAP_ONIONSKIN_CHALLENGE_LEN) + return -1; if (!node->onion_key) return -1; @@ -133,7 +137,9 @@ onion_skin_create(int type, r = CREATE_FAST_LEN; break; case ONION_HANDSHAKE_TYPE_NTOR: - if (!extend_info_supports_ntor(node)) + if (onion_skin_out_maxlen < NTOR_ONIONSKIN_LEN) + return -1; + if (!extend_info_supports_ntor(node)) return -1; if (onion_skin_ntor_create((const uint8_t*)node->identity_digest, &node->curve25519_onion_key, @@ -175,6 +181,7 @@ onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, uint8_t *reply_out, + size_t reply_out_maxlen, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_nonce_out) { @@ -182,6 +189,8 @@ onion_skin_server_handshake(int type, switch (type) { case ONION_HANDSHAKE_TYPE_TAP: + if (reply_out_maxlen < TAP_ONIONSKIN_REPLY_LEN) + return -1; if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN) return -1; if (onion_skin_TAP_server_handshake((const char*)onion_skin, @@ -193,6 +202,8 @@ onion_skin_server_handshake(int type, memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_FAST: + if (reply_out_maxlen < CREATED_FAST_LEN) + return -1; if (onionskin_len != CREATE_FAST_LEN) return -1; if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0) @@ -201,6 +212,8 @@ onion_skin_server_handshake(int type, memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_NTOR: + if (reply_out_maxlen < NTOR_REPLY_LEN) + return -1; if (onionskin_len < NTOR_ONIONSKIN_LEN) return -1; { diff --git a/src/core/crypto/onion_crypto.h b/src/core/crypto/onion_crypto.h index 68cd465cf7..bf25552b83 100644 --- a/src/core/crypto/onion_crypto.h +++ b/src/core/crypto/onion_crypto.h @@ -25,11 +25,13 @@ void onion_handshake_state_release(onion_handshake_state_t *state); int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, - uint8_t *onion_skin_out); + uint8_t *onion_skin_out, + size_t onion_skin_out_maxlen); int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, uint8_t *reply_out, + size_t reply_out_maxlen, uint8_t *keys_out, size_t key_out_len, uint8_t *rend_nonce_out); int onion_skin_client_handshake(int type, |