authorNick Mathewson <nickm@torproject.org>2012-03-31 22:51:28 -0400
committerNick Mathewson <nickm@torproject.org>2012-04-01 00:42:04 -0400
commit9a69c24150965e54322ed9616638d4f1939b1289 (patch)
treea28e0c4d406c63356d95460d77930a6a700c229f /src/or/or.h
parent9740f067c4bed47beb63483be4f4636167a04019 (diff)
Do not use strcmp() to compare an http authenticator to its expected value
This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha.
Diffstat (limited to 'src/or/or.h')
-rw-r--r--src/or/or.h7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/or/or.h b/src/or/or.h
index eecd3750a9..92592e5fa9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2489,10 +2489,11 @@ typedef struct {
* that aggregates bridge descriptors? */
/** If set on a bridge authority, it will answer requests on its dirport
- * for bridge statuses -- but only if the requests use this password.
- * If set on a bridge user, request bridge statuses, and use this password
- * when doing so. */
+ * for bridge statuses -- but only if the requests use this password. */
char *BridgePassword;
+ /** If BridgePassword is set, this is a SHA256 digest of the basic http
+ * authenticator for it. */
+ char *BridgePassword_AuthDigest;
int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
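Review bot: The new comment on `BridgePassword_AuthDigest` does not say what the `char *` actually holds, which matters for a field added to close a timing side channel. If it is the raw 32-byte digest rather than an encoded string, it is not NUL-terminated and must never reach `strcmp()` or `strlen()`. The field also sits among the user-settable options although it appears to be derived from `BridgePassword`, so the comment should state that it is computed rather than configured. After confirming the encoding against the code that fills it, I would extend the comment to something like `/** Derived, not set from torrc: SHA256 digest (raw, DIGEST256_LEN bytes, no NUL) of the basic http authenticator for BridgePassword; compare only with a constant-time, fixed-length memory comparison. */`. The enclosing struct starts and ends outside this hunk.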