diff options
| author | George Kadianakis <desnacked@riseup.net> | 2020-02-11 18:37:55 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-03-17 11:44:45 -0400 |
| commit | 089e57d22f7c5e755a2d88d0b102207f7207ee27 (patch) | |
| tree | 8709d3e8c1c494147d8a17989ee3a020a4bcb6ba /src | |
| parent | c940b7cf13d8ceb5705d52c215256e1de5a4e757 (diff) | |
| download | tor-089e57d22f7c5e755a2d88d0b102207f7207ee27.tar.gz tor-089e57d22f7c5e755a2d88d0b102207f7207ee27.zip | |
Fix TROVE-2020-003.
Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addesses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).
In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.
Diffstat (limited to 'src')
| -rw-r--r-- | src/feature/hs/hs_service.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 7e150599fc..6d32cae86c 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, goto err; } + if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) { + log_warn(LD_CONFIG, "Bad ed25519 private key was provided"); + ret = RSAE_BADPRIVKEY; + goto err; + } + /* Make sure we have at least one port. */ if (smartlist_len(service->config.ports) == 0) { log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified " |