diff options
| author | George Kadianakis <desnacked@riseup.net> | 2017-07-06 16:23:30 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-07-07 11:12:27 -0400 |
| commit | 70d08f764d9912e66a2c6c0f3e4241f563d53ebd (patch) | |
| tree | a7cf6f22fcf2912c26d6b6bde85babc2cee2c9cd /src/or/hs_circuit.c | |
| parent | c4d17faf81d8cfe4cf943ba11be03413c58f4d44 (diff) | |
| download | tor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.tar.gz tor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.zip | |
Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
Diffstat (limited to 'src/or/hs_circuit.c')
| -rw-r--r-- | src/or/hs_circuit.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 42c5dcb91a..f2ea8f5538 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -48,13 +48,17 @@ circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_si * If <b>is_service_side</b> is set, we are the hidden service and the final * hop of the rendezvous circuit is the client on the other side. */ static crypt_path_t * -create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side) +create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len, + int is_service_side) { uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN]; crypt_path_t *cpath = NULL; /* Do the key expansion */ - hs_ntor_circuit_key_expansion(ntor_key_seed, keys); + if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len, + keys, sizeof(keys)) < 0) { + goto err; + } /* Setup the cpath */ cpath = tor_malloc_zero(sizeof(crypt_path_t)); @@ -171,7 +175,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop, * Return 0 if the operation went well; in case of error return -1. */ int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, - const uint8_t *ntor_key_seed, + const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side) { if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose, @@ -179,7 +183,8 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, return -1; } - crypt_path_t *hop = create_rend_cpath(ntor_key_seed, is_service_side); + crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len, + is_service_side); if (!hop) { log_warn(LD_REND, "Couldn't get v3 %s cpath!", is_service_side ? "service-side" : "client-side"); |