diff options
author | Nick Mathewson <nickm@torproject.org> | 2014-11-04 00:24:56 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-11-04 00:24:56 -0500 |
commit | 593909ea70db9c00d3ae6d3448fb096464e0853d (patch) | |
tree | c9d75e2b6792a50a6bb7c333a58ec6f108d46560 /src | |
parent | 71355e1db937b0b940bb9510c927e3e500cabc22 (diff) | |
parent | b10e5ac7b86c459a62cfc316c8be87143d2a87e4 (diff) | |
download | tor-593909ea70db9c00d3ae6d3448fb096464e0853d.tar.gz tor-593909ea70db9c00d3ae6d3448fb096464e0853d.zip |
Merge remote-tracking branch 'public/bug13214_025_squashed'
Diffstat (limited to 'src')
-rw-r--r-- | src/or/directory.c | 3 | ||||
-rw-r--r-- | src/or/rendcommon.c | 19 | ||||
-rw-r--r-- | src/or/rendcommon.h | 1 |
3 files changed, 22 insertions, 1 deletions
diff --git a/src/or/directory.c b/src/or/directory.c index 35f8cbbd8a..df9e7f8ad3 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2082,7 +2082,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn) (int)body_len, status_code, escaped(reason)); switch (status_code) { case 200: - switch (rend_cache_store_v2_desc_as_client(body, conn->rend_data)) { + switch (rend_cache_store_v2_desc_as_client(body, + conn->requested_resource, conn->rend_data)) { case RCS_BADDESC: case RCS_NOTDIR: /* Impossible */ log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. " diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 18f1b43d08..df74b745a2 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1034,10 +1034,14 @@ rend_cache_store_v2_desc_as_dir(const char *desc) * If the descriptor's service ID does not match * <b>rend_query</b>-\>onion_address, reject it. * + * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>, + * reject it. + * * Return an appropriate rend_cache_store_status_t. */ rend_cache_store_status_t rend_cache_store_v2_desc_as_client(const char *desc, + const char *desc_id_base32, const rend_data_t *rend_query) { /*XXXX this seems to have a bit of duplicate code with @@ -1064,10 +1068,19 @@ rend_cache_store_v2_desc_as_client(const char *desc, time_t now = time(NULL); char key[REND_SERVICE_ID_LEN_BASE32+2]; char service_id[REND_SERVICE_ID_LEN_BASE32+1]; + char want_desc_id[DIGEST_LEN]; rend_cache_entry_t *e; rend_cache_store_status_t retval = RCS_BADDESC; tor_assert(rend_cache); tor_assert(desc); + tor_assert(desc_id_base32); + memset(want_desc_id, 0, sizeof(want_desc_id)); + if (base32_decode(want_desc_id, sizeof(want_desc_id), + desc_id_base32, strlen(desc_id_base32)) != 0) { + log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.", + escaped_safe_str_client(desc_id_base32)); + goto err; + } /* Parse the descriptor. */ if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content, &intro_size, &encoded_size, @@ -1086,6 +1099,12 @@ rend_cache_store_v2_desc_as_client(const char *desc, service_id, safe_str(rend_query->onion_address)); goto err; } + if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) { + log_warn(LD_REND, "Received service descriptor for %s with incorrect " + "descriptor ID.", service_id); + goto err; + } + /* Decode/decrypt introduction points. */ if (intro_content) { int n_intro_points; diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h index abbb8b0849..186326a0c1 100644 --- a/src/or/rendcommon.h +++ b/src/or/rendcommon.h @@ -49,6 +49,7 @@ typedef enum { rend_cache_store_status_t rend_cache_store_v2_desc_as_dir(const char *desc); rend_cache_store_status_t rend_cache_store_v2_desc_as_client(const char *desc, + const char *desc_id_base32, const rend_data_t *rend_query); int rend_encode_v2_descriptors(smartlist_t *descs_out, |