diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-11-03 14:02:47 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-11-04 00:24:15 -0500 |
| commit | b10e5ac7b86c459a62cfc316c8be87143d2a87e4 (patch) | |
| tree | 871d286e6bf3dcc2198454ddf90ecfd308bd6d2d /src/or/rendcommon.c | |
| parent | 9e2608b0d35e7e890e53f83e40675851caff4a14 (diff) | |
| download | tor-b10e5ac7b86c459a62cfc316c8be87143d2a87e4.tar.gz tor-b10e5ac7b86c459a62cfc316c8be87143d2a87e4.zip | |
Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
Diffstat (limited to 'src/or/rendcommon.c')
| -rw-r--r-- | src/or/rendcommon.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index a664b5d501..e95cf48522 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1034,10 +1034,14 @@ rend_cache_store_v2_desc_as_dir(const char *desc) * If the descriptor's service ID does not match * <b>rend_query</b>-\>onion_address, reject it. * + * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>, + * reject it. + * * Return an appropriate rend_cache_store_status_t. */ rend_cache_store_status_t rend_cache_store_v2_desc_as_client(const char *desc, + const char *desc_id_base32, const rend_data_t *rend_query) { /*XXXX this seems to have a bit of duplicate code with @@ -1064,10 +1068,19 @@ rend_cache_store_v2_desc_as_client(const char *desc, time_t now = time(NULL); char key[REND_SERVICE_ID_LEN_BASE32+2]; char service_id[REND_SERVICE_ID_LEN_BASE32+1]; + char want_desc_id[DIGEST_LEN]; rend_cache_entry_t *e; rend_cache_store_status_t retval = RCS_BADDESC; tor_assert(rend_cache); tor_assert(desc); + tor_assert(desc_id_base32); + memset(want_desc_id, 0, sizeof(want_desc_id)); + if (base32_decode(want_desc_id, sizeof(want_desc_id), + desc_id_base32, strlen(desc_id_base32)) != 0) { + log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.", + escaped_safe_str_client(desc_id_base32)); + goto err; + } /* Parse the descriptor. */ if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content, &intro_size, &encoded_size, @@ -1086,6 +1099,12 @@ rend_cache_store_v2_desc_as_client(const char *desc, service_id, safe_str(rend_query->onion_address)); goto err; } + if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) { + log_warn(LD_REND, "Received service descriptor for %s with incorrect " + "descriptor ID.", service_id); + goto err; + } + /* Decode/decrypt introduction points. */ if (intro_content) { int n_intro_points; |