diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-04-06 09:26:16 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-04-06 09:26:16 -0400 |
| commit | 047555214056da24d682d47562a88e53563e49ff (patch) | |
| tree | fcdf1b7cec6e6916a24ab3a7c47db5cf2faae8b0 /src/or | |
| parent | 929a8f199bc236c39794f675a7bb8ad00b155257 (diff) | |
| parent | fe69a7e1d7658d3202af0c2c7308d342faaa1559 (diff) | |
| download | tor-047555214056da24d682d47562a88e53563e49ff.tar.gz tor-047555214056da24d682d47562a88e53563e49ff.zip | |
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/rendcommon.c | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 10 | ||||
| -rw-r--r-- | src/or/routerparse.c | 14 |
3 files changed, 20 insertions, 6 deletions
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 866f4fb026..5fdd13efce 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1190,7 +1190,7 @@ rend_cache_store_v2_desc_as_client(const char *desc, } /* Decode/decrypt introduction points. */ - if (intro_content) { + if (intro_content && intro_size > 0) { int n_intro_points; if (rend_query->auth_type != REND_NO_AUTH && !tor_mem_is_zero(rend_query->descriptor_cookie, diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 4ae06dfb90..fbbb2aba17 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1940,6 +1940,16 @@ rend_service_parse_intro_for_v2( goto err; } + if (128 != crypto_pk_keysize(extend_info->onion_key)) { + if (err_msg_out) { + tor_asprintf(err_msg_out, + "invalid onion key size in version %d INTRODUCE%d cell", + intro->version, + (intro->type)); + } + + goto err; + } ver_specific_len = 7+DIGEST_LEN+2+klen; diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 5a9626f0a2..9c6651292c 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4820,7 +4820,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, size_t intro_points_encoded_size) { const char *current_ipo, *end_of_intro_points; - smartlist_t *tokens; + smartlist_t *tokens = NULL; directory_token_t *tok; rend_intro_point_t *intro; extend_info_t *info; @@ -4829,8 +4829,10 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, tor_assert(parsed); /** Function may only be invoked once. */ tor_assert(!parsed->intro_nodes); - tor_assert(intro_points_encoded); - tor_assert(intro_points_encoded_size > 0); + if (!intro_points_encoded || intro_points_encoded_size == 0) { + log_warn(LD_REND, "Empty or zero size introduction point list"); + goto err; + } /* Consider one intro point after the other. */ current_ipo = intro_points_encoded; end_of_intro_points = intro_points_encoded + intro_points_encoded_size; @@ -4934,8 +4936,10 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, done: /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); + if (tokens) { + SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); + smartlist_free(tokens); + } if (area) memarea_drop_all(area); |