summaryrefslogtreecommitdiff
path: root/src/or/rendservice.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2013-02-11 15:42:57 -0500
committerNick Mathewson <nickm@torproject.org>2013-02-11 15:42:57 -0500
commitf12fafac5a6ab02fa2544eafef8dead847f7353e (patch)
tree0faa9598c99b7ebe5f0f0eb127f7865fad2677f3 /src/or/rendservice.c
parent52263b0dda85632ea1deb0f05a83a39d4876f3ab (diff)
downloadtor-f12fafac5a6ab02fa2544eafef8dead847f7353e.tar.gz
tor-f12fafac5a6ab02fa2544eafef8dead847f7353e.zip
Make hidden service authorization work again.
The refactoring in commit 471ab340325 wasn't complete enough: we were checking the auth_len variable, but never actually setting it, so it would never seem that authentication had been provided. This commit also removes a bunch of unused variables from rend_service_introduce, whose unusedness we hadn't noticed because we were wiping them at the end of the function. Fix for bug 8207; bugfix on 0.2.4.1-alpha.
Diffstat (limited to 'src/or/rendservice.c')
-rw-r--r--src/or/rendservice.c12
1 files changed, 3 insertions, 9 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 10d232c039..a066e02024 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1119,11 +1119,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
crypt_path_t *cpath = NULL;
char hexcookie[9];
int circ_needs_uptime;
- char intro_key_digest[DIGEST_LEN];
- size_t auth_len = 0;
- char auth_data[REND_DESC_COOKIE_LEN];
time_t now = time(NULL);
- char diffie_hellman_hash[DIGEST_LEN];
time_t elapsed;
int replay;
@@ -1296,8 +1292,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
/* If the service performs client authorization, check included auth data. */
if (service->clients) {
- if (auth_len > 0) {
- if (rend_check_authorization(service, auth_data)) {
+ if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
+ if (rend_check_authorization(service,
+ (const char*)parsed_req->u.v3.auth_data)) {
log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
} else {
log_info(LD_REND, "The authorization data that are contained in "
@@ -1410,9 +1407,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
memwipe(buf, 0, sizeof(buf));
memwipe(serviceid, 0, sizeof(serviceid));
memwipe(hexcookie, 0, sizeof(hexcookie));
- memwipe(intro_key_digest, 0, sizeof(intro_key_digest));
- memwipe(auth_data, 0, sizeof(auth_data));
- memwipe(diffie_hellman_hash, 0, sizeof(diffie_hellman_hash));
/* Free the parsed cell */
if (parsed_req) {