Explicit length checks in circuit_init_cpath_crypto().

author: George Kadianakis <desnacked@riseup.net> 2017-07-06 14:15:23 +0300
committer: Nick Mathewson <nickm@torproject.org> 2017-07-07 11:12:27 -0400
commit: c4d17faf81d8cfe4cf943ba11be03413c58f4d44 (patch)
tree: 0313df314f65493bda621bc703b6ef9e6ef73316 /src/or/hs_circuit.c
parent: 2432499705b0df5427604b5bf501bb22ccd73131 (diff)
download: tor-c4d17faf81d8cfe4cf943ba11be03413c58f4d44.tar.gz
tor-c4d17faf81d8cfe4cf943ba11be03413c58f4d44.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 1729080c20..42c5dcb91a 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -60,7 +60,7 @@ create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side)
   cpath = tor_malloc_zero(sizeof(crypt_path_t));
   cpath->magic = CRYPT_PATH_MAGIC;
 
-  if (circuit_init_cpath_crypto(cpath, (char*)keys,
+  if (circuit_init_cpath_crypto(cpath, (char*)keys, sizeof(keys),
                                 is_service_side, 1) < 0) {
     tor_free(cpath);
     goto err;
@@ -96,7 +96,9 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
     goto err;
   }
   /* ... and set up cpath. */
-  if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0, 0)<0)
+  if (circuit_init_cpath_crypto(hop,
+                                keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN,
+                                0, 0) < 0)
     goto err;
 
   /* Check whether the digest is right... */
author	George Kadianakis <desnacked@riseup.net>	2017-07-06 14:15:23 +0300
committer	Nick Mathewson <nickm@torproject.org>	2017-07-07 11:12:27 -0400
commit	c4d17faf81d8cfe4cf943ba11be03413c58f4d44 (patch)
tree	0313df314f65493bda621bc703b6ef9e6ef73316 /src/or/hs_circuit.c
parent	2432499705b0df5427604b5bf501bb22ccd73131 (diff)
download	tor-c4d17faf81d8cfe4cf943ba11be03413c58f4d44.tar.gz tor-c4d17faf81d8cfe4cf943ba11be03413c58f4d44.zip