authorcypherpunks <cypherpunks@torproject.org>2015-07-17 11:53:12 +0200
committerNick Mathewson <nickm@torproject.org>2015-11-30 22:02:22 -0500
commitbe0891667e12a223ebda02dac2ba4a855bef4e52 (patch)
tree43cefb427ecef47a8c90b3a08fe6c977e8af0156 /src/or/torcert.c
parent232ccc18c40f0d0302b2e21b0f67885c548f8e63 (diff)
Fix undefined behavior caused by memory overlap
The tor_cert_get_checkable_sig function uses the signing key included in the certificate (if available) when a separate public key is not given. When the signature is valid, the tor_cert_checksig function copies the public key from the checkable structure to the public key field of the certificate signing key. In situations where the separate public key is not given but the certificate includes a signing key, the source and destination pointers in the copy operation are equal and invoke undefined behavior. Undefined behavior is avoided by performing the copy only when the two pointers differ.
Diffstat (limited to 'src/or/torcert.c')
-rw-r--r--src/or/torcert.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 596cd2be31..ef5b4c0c3b 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -206,7 +206,11 @@ tor_cert_checksig(tor_cert_t *cert,
return -1;
} else {
cert->sig_ok = 1;
- memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+ /* Only copy the checkable public key when it is different from the signing
+ * key of the certificate to avoid undefined behavior. */
+ if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
+ memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+ }
cert->cert_valid = 1;
return 0;
}
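Review bot: The guarded `memcpy` still hard-codes the key length as the literal `32`, so the copy size is not tied to the key type it writes into. If the Ed25519 length constant is in scope in this file, I would write `memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, ED25519_PUBKEY_LEN);`. The new comment could also name the hazard, for example `/* memcpy() with identical source and destination is undefined; skip the copy when checkable.pubkey already points at the certificate's own signing key. */`. The body of tor_cert_checksig starts above this hunk, so the check that `checkable.pubkey` is non-NULL before this dereference is presumably done there; it is not visible here.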