diff options
| author | David Goulet <dgoulet@torproject.org> | 2017-05-30 10:27:42 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2017-05-30 10:27:42 -0400 |
| commit | 5b33d95a3dfe943625d78983bb53be2901a51150 (patch) | |
| tree | 9c28a3511f44a2f03eb9ec302ee5db3e527efcd1 /src/or/hs_descriptor.c | |
| parent | 83439e78cc08f5a05d314de4409e69aa6d1601d7 (diff) | |
| download | tor-5b33d95a3dfe943625d78983bb53be2901a51150.tar.gz tor-5b33d95a3dfe943625d78983bb53be2901a51150.zip | |
hs: Correctly validate v3 descriptor encrypted length
The encrypted_data_length_is_valid() function wasn't validating correctly the
length of the encrypted data of a v3 descriptor. The side effect of this is
that an HSDir was rejecting the descriptor and ultimately not storing it.
Fixes #22447
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/hs_descriptor.c')
| -rw-r--r-- | src/or/hs_descriptor.c | 23 |
1 files changed, 4 insertions, 19 deletions
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index f16a2fdc14..938b7a77df 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -1023,30 +1023,15 @@ cert_parse_and_validate(tor_cert_t **cert_out, const char *data, STATIC int encrypted_data_length_is_valid(size_t len) { - /* Check for the minimum length possible. */ - if (len < HS_DESC_ENCRYPTED_MIN_LEN) { + /* Make sure there is enough data for the salt and the mac. The equality is + * there to ensure that there is at least one byte of encrypted data. */ + if (len <= HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN) { log_warn(LD_REND, "Length of descriptor's encrypted data is too small. " "Got %lu but minimum value is %d", - (unsigned long)len, HS_DESC_ENCRYPTED_MIN_LEN); + (unsigned long)len, HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN); goto err; } - /* Encrypted data has the salt and MAC concatenated to it so remove those - * from the validation calculation. */ - len -= HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN; - - /* Check that it's aligned on the block size of the crypto algorithm. */ - if (len % HS_DESC_PLAINTEXT_PADDING_MULTIPLE) { - log_warn(LD_REND, "Length of descriptor's encrypted data is invalid. " - "Got %lu which is not a multiple of %d.", - (unsigned long) len, HS_DESC_PLAINTEXT_PADDING_MULTIPLE); - goto err; - } - - /* XXX: Check maximum size. Will strongly depends on the maximum intro point - * allowed we decide on and probably if they will all have to use the legacy - * key which is bigger than the ed25519 key. */ - return 1; err: return 0; |