authorAndrea Shepard <andrea@persephoneslair.org>2012-06-15 21:17:02 -0700
committerAndrea Shepard <andrea@persephoneslair.org>2012-06-15 21:17:02 -0700
commitab2e007ffbb6a6cdf8765e4beaa2bb69c1289036 (patch)
tree71e4007c29a17d3f43e3447e3683e64fc2529edd /src/or/rendservice.c
parent276f95182c864a4cb9457bf56d842ef297e2cd2b (diff)
In rend_service_load_keys(), clear extended descriptor cookie and buffer, clear temporary heap space for client key, and check if serializing client key fails
Diffstat (limited to 'src/or/rendservice.c')
-rw-r--r--src/or/rendservice.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index acc3cea223..b257c7a190 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -619,6 +619,7 @@ rend_service_load_keys(void)
char buf[1500];
char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1];
char service_id[16+1];
+ char extended_desc_cookie[REND_DESC_COOKIE_LEN+1];
SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
if (s->private_key)
@@ -765,15 +766,25 @@ rend_service_load_keys(void)
}
if (client->client_key) {
char *client_key_out = NULL;
- crypto_pk_write_private_key_to_string(client->client_key,
- &client_key_out, &len);
+ if ( crypto_pk_write_private_key_to_string(client->client_key,
+ &client_key_out, &len) != 0 ) {
+ log_warn(LD_BUG, "Internal error: "
+ "crypto_pk_write_private_key_to_string() failed.");
+ goto err;
+ }
if (rend_get_service_id(client->client_key, service_id)<0) {
log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
+ /*
+ * len is string length, not buffer length, but last byte is NUL
+ * anyway.
+ */
+ memset(client_key_out, 0, len);
tor_free(client_key_out);
goto err;
}
written = tor_snprintf(buf + written, sizeof(buf) - written,
"client-key\n%s", client_key_out);
+ memset(client_key_out, 0, len);
tor_free(client_key_out);
if (written < 0) {
log_warn(LD_BUG, "Could not write client entry.");
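Review bot: The two `memset(client_key_out, 0, len);` calls added just before `tor_free(client_key_out)` write to memory that is never read again, so an optimizing compiler may drop them as dead stores and leave the serialized private key on the heap. The same concern applies to the `memset(buf, 0, sizeof(buf));` and `memset(extended_desc_cookie, 0, sizeof(extended_desc_cookie));` lines added in the error-exit and end-of-iteration hunks further down, at least on the paths that return right after them. Routing all of these through a wipe helper the compiler cannot elide (for example one that writes through a `volatile` pointer, or `explicit_bzero`/`memset_s` where the platform has them) would make the clearing dependable. Separately, the new failure branch jumps to `err` without touching `client_key_out`; that is safe only if `crypto_pk_write_private_key_to_string()` leaves the pointer NULL and allocates nothing on failure, which is not visible here. rend_service_load_keys() starts and ends outside this hunk.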
@@ -794,7 +805,6 @@ rend_service_load_keys(void)
tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
s->service_id, desc_cook_out, client->client_name);
} else {
- char extended_desc_cookie[REND_DESC_COOKIE_LEN+1];
memcpy(extended_desc_cookie, client->descriptor_cookie,
REND_DESC_COOKIE_LEN);
extended_desc_cookie[REND_DESC_COOKIE_LEN] =
@@ -827,8 +837,11 @@ rend_service_load_keys(void)
strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
if (r<0) {
/* Clear these here for the early error exit */
+ /* We have to clear buf because encoded keys can get written to it */
+ memset(buf, 0, sizeof(buf));
memset(desc_cook_out, 0, sizeof(desc_cook_out));
memset(service_id, 0, sizeof(service_id));
+ memset(extended_desc_cookie, 0, sizeof(extended_desc_cookie));
if (open_cfile)
abort_writing_to_file(open_cfile);
if (open_hfile)
@@ -847,8 +860,10 @@ rend_service_load_keys(void)
* and so forth) that otherwise might have leftover key from the
* previous iteration on the stack.
*/
+ memset(buf, 0, sizeof(buf));
memset(desc_cook_out, 0, sizeof(desc_cook_out));
memset(service_id, 0, sizeof(service_id));
+ memset(extended_desc_cookie, 0, sizeof(extended_desc_cookie));
} SMARTLIST_FOREACH_END(s);
return r;