diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-02-11 15:42:57 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-02-11 15:42:57 -0500 |
| commit | f12fafac5a6ab02fa2544eafef8dead847f7353e (patch) | |
| tree | 0faa9598c99b7ebe5f0f0eb127f7865fad2677f3 /src/or/rendservice.c | |
| parent | 52263b0dda85632ea1deb0f05a83a39d4876f3ab (diff) | |
| download | tor-f12fafac5a6ab02fa2544eafef8dead847f7353e.tar.gz tor-f12fafac5a6ab02fa2544eafef8dead847f7353e.zip | |
Make hidden service authorization work again.
The refactoring in commit 471ab340325 wasn't complete enough: we
were checking the auth_len variable, but never actually setting it,
so it would never seem that authentication had been provided.
This commit also removes a bunch of unused variables from
rend_service_introduce, whose unusedness we hadn't noticed because
we were wiping them at the end of the function.
Fix for bug 8207; bugfix on 0.2.4.1-alpha.
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 10d232c039..a066e02024 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1119,11 +1119,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, crypt_path_t *cpath = NULL; char hexcookie[9]; int circ_needs_uptime; - char intro_key_digest[DIGEST_LEN]; - size_t auth_len = 0; - char auth_data[REND_DESC_COOKIE_LEN]; time_t now = time(NULL); - char diffie_hellman_hash[DIGEST_LEN]; time_t elapsed; int replay; @@ -1296,8 +1292,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, /* If the service performs client authorization, check included auth data. */ if (service->clients) { - if (auth_len > 0) { - if (rend_check_authorization(service, auth_data)) { + if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) { + if (rend_check_authorization(service, + (const char*)parsed_req->u.v3.auth_data)) { log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid."); } else { log_info(LD_REND, "The authorization data that are contained in " @@ -1410,9 +1407,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, memwipe(buf, 0, sizeof(buf)); memwipe(serviceid, 0, sizeof(serviceid)); memwipe(hexcookie, 0, sizeof(hexcookie)); - memwipe(intro_key_digest, 0, sizeof(intro_key_digest)); - memwipe(auth_data, 0, sizeof(auth_data)); - memwipe(diffie_hellman_hash, 0, sizeof(diffie_hellman_hash)); /* Free the parsed cell */ if (parsed_req) { |