summaryrefslogtreecommitdiff
path: root/src/or/routerparse.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-01-13 14:36:41 -0500
committerNick Mathewson <nickm@torproject.org>2011-01-15 11:49:25 -0500
commit115782bdbe42e4b3d5cb386d2939a883bc381d12 (patch)
treefacebd78bfcd426d3404999e5237c502fb34ebaa /src/or/routerparse.c
parenta16902b9d4b0a912eb0a252bb945cbeaaa40dacb (diff)
downloadtor-115782bdbe42e4b3d5cb386d2939a883bc381d12.tar.gz
tor-115782bdbe42e4b3d5cb386d2939a883bc381d12.zip
Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a large enough buffer. In one case, they weren't. (Incorporates fixes from sebastian)
Diffstat (limited to 'src/or/routerparse.c')
-rw-r--r--src/or/routerparse.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index fc30c625bf..9ad84ed8db 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -571,10 +571,12 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
crypto_pk_env_t *private_key)
{
char *signature;
- size_t i;
+ size_t i, keysize;
- signature = tor_malloc(crypto_pk_keysize(private_key));
- if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) {
+ keysize = crypto_pk_keysize(private_key);
+ signature = tor_malloc(keysize);
+ if (crypto_pk_private_sign(private_key, signature, keysize,
+ digest, DIGEST_LEN) < 0) {
log_warn(LD_BUG,"Couldn't sign digest.");
goto err;
@@ -924,6 +926,7 @@ check_signature_token(const char *digest,
const char *doctype)
{
char *signed_digest;
+ size_t keysize;
const int check_authority = (flags & CST_CHECK_AUTHORITY);
const int check_objtype = ! (flags & CST_NO_CHECK_OBJTYPE);
@@ -945,9 +948,10 @@ check_signature_token(const char *digest,
}
}
- signed_digest = tor_malloc(tok->object_size);
- if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
- tok->object_size)
+ keysize = crypto_pk_keysize(pkey);
+ signed_digest = tor_malloc(keysize);
+ if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
+ tok->object_body, tok->object_size)
!= DIGEST_LEN) {
log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
tor_free(signed_digest);
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion