diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2015-03-30 21:53:39 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-04-06 09:18:17 -0400 |
| commit | 49ddd92c115c6943c4602d44f52c22b6f47698e8 (patch) | |
| tree | 33793b0f5a5019eff42df48aca430a7fe96bc259 /src/or/rendservice.c | |
| parent | 01e4bc80cd75bbf2a4ce3b18ff17550eed993bb0 (diff) | |
| download | tor-49ddd92c115c6943c4602d44f52c22b6f47698e8.tar.gz tor-49ddd92c115c6943c4602d44f52c22b6f47698e8.zip | |
Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 8a4a11e475..436f2f4b69 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1810,6 +1810,16 @@ rend_service_parse_intro_for_v2( goto err; } + if (128 != crypto_pk_keysize(extend_info->onion_key)) { + if (err_msg_out) { + tor_asprintf(err_msg_out, + "invalid onion key size in version %d INTRODUCE%d cell", + intro->version, + (intro->type)); + } + + goto err; + } ver_specific_len = 7+DIGEST_LEN+2+klen; |