Merge remote-tracking branch 'asn/bug20852_v1'

1 files changed, 9 insertions, 7 deletions

diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 00d10757ed..ad6b32606c 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -15,13 +15,14 @@
 #include "ed25519_cert.h" /* Trunnel interface. */
 #include "parsecommon.h"
 #include "rendcache.h"
+#include "hs_cache.h"
 #include "torcert.h" /* tor_cert_encode_ed22519() */
 
 /* Constant string value used for the descriptor format. */
 #define str_hs_desc "hs-descriptor"
 #define str_desc_cert "descriptor-signing-key-cert"
 #define str_rev_counter "revision-counter"
-#define str_encrypted "encrypted"
+#define str_superencrypted "superencrypted"
 #define str_signature "signature"
 #define str_lifetime "descriptor-lifetime"
 /* Constant string value for the encrypted part of the descriptor. */
@@ -35,7 +36,7 @@
 #define str_intro_point_start "\n" str_intro_point " "
 /* Constant string value for the construction to encrypt the encrypted data
  * section. */
-#define str_enc_hsdir_data "hsdir-encrypted-data"
+#define str_enc_hsdir_data "hsdir-superencrypted-data"
 /* Prefix required to compute/verify HS desc signatures */
 #define str_desc_sig_prefix "Tor onion service descriptor sig v3"
 
@@ -56,7 +57,7 @@ static token_rule_t hs_desc_v3_token_table[] = {
   T1(str_lifetime, R3_DESC_LIFETIME, EQ(1), NO_OBJ),
   T1(str_desc_cert, R3_DESC_SIGNING_CERT, NO_ARGS, NEED_OBJ),
   T1(str_rev_counter, R3_REVISION_COUNTER, EQ(1), NO_OBJ),
-  T1(str_encrypted, R3_ENCRYPTED, NO_ARGS, NEED_OBJ),
+  T1(str_superencrypted, R3_SUPERENCRYPTED, NO_ARGS, NEED_OBJ),
   T1_END(str_signature, R3_SIGNATURE, EQ(1), NO_OBJ),
   END_OF_TABLE
 };
@@ -751,7 +752,7 @@ desc_encode_v3(const hs_descriptor_t *desc,
                            desc->plaintext_data.revision_counter);
   }
 
-  /* Build the encrypted data section. */
+  /* Build the superencrypted data section. */
   {
     char *enc_b64_blob=NULL;
     if (encode_encrypted_data(desc, &enc_b64_blob) < 0) {
@@ -762,7 +763,7 @@ desc_encode_v3(const hs_descriptor_t *desc,
                            "-----BEGIN MESSAGE-----\n"
                            "%s"
                            "-----END MESSAGE-----",
-                           str_encrypted, enc_b64_blob);
+                           str_superencrypted, enc_b64_blob);
     tor_free(enc_b64_blob);
   }
 
@@ -1492,7 +1493,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens,
   }
 
   /* Extract the encrypted data section. */
-  tok = find_by_keyword(tokens, R3_ENCRYPTED);
+  tok = find_by_keyword(tokens, R3_SUPERENCRYPTED);
   tor_assert(tok->object_body);
   if (strcmp(tok->object_type, "MESSAGE") != 0) {
     log_warn(LD_REND, "Service descriptor encrypted data section is invalid");
@@ -1701,8 +1702,9 @@ hs_desc_decode_plaintext(const char *encoded,
   tor_assert(encoded);
   tor_assert(plaintext);
 
+  /* Check that descriptor is within size limits. */
   encoded_len = strlen(encoded);
-  if (encoded_len >= HS_DESC_MAX_LEN) {
+  if (encoded_len >= hs_cache_get_max_descriptor_size()) {
     log_warn(LD_REND, "Service descriptor is too big (%lu bytes)",
              (unsigned long) encoded_len);
     goto err;