dirauth: don't use hardcoded length when parsing digests

When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.

Fixes #19066

Signed-off-by: David Goulet <dgoulet@torproject.org>

1 files changed, 5 insertions, 3 deletions

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 600d55294f..e44899f0cf 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3505,7 +3505,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
     digest_algorithm_t alg;
     const char *flavor;
     const char *hexdigest;
-    size_t expected_length;
+    size_t expected_length, digest_length;
 
     tok = _tok;
 
@@ -3530,6 +3530,8 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
 
     expected_length =
       (alg == DIGEST_SHA1) ? HEX_DIGEST_LEN : HEX_DIGEST256_LEN;
+    digest_length =
+      (alg == DIGEST_SHA1) ? DIGEST_LEN : DIGEST256_LEN;
 
     if (strlen(hexdigest) != expected_length) {
       log_warn(LD_DIR, "Wrong length on consensus-digest in detached "
@@ -3538,12 +3540,12 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
     }
     digests = detached_get_digests(sigs, flavor);
     tor_assert(digests);
-    if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
+    if (!tor_mem_is_zero(digests->d[alg], digest_length)) {
       log_warn(LD_DIR, "Multiple digests for %s with %s on detached "
                "signatures document", flavor, algname);
       continue;
     }
-    if (base16_decode(digests->d[alg], DIGEST256_LEN,
+    if (base16_decode(digests->d[alg], digest_length,
                       hexdigest, strlen(hexdigest)) < 0) {
       log_warn(LD_DIR, "Bad encoding on consensus-digest in detached "
                "networkstatus signatures");