-rw-r--r-- | src/or/rendclient.c | 13 | ||||
-rw-r--r-- | src/or/rendmid.c | 4 | ||||
-rw-r--r-- | src/or/rendservice.c | 4 |
3 files changed, 14 insertions, 7 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c index e6a990bd2b..f2bbdc0896 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -56,7 +56,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) { size_t payload_len; int r; char payload[RELAY_PAYLOAD_SIZE]; - char tmp[(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN]; + char tmp[1+(MAX_HEX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN]; rend_cache_entry_t *entry; crypt_path_t *cpath; @@ -92,17 +92,20 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) { } /* write the remaining items into tmp */ - strncpy(tmp, rendcirc->build_state->chosen_exit_name, (MAX_NICKNAME_LEN+1)); /* nul pads */ - memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN); + tmp[0] = 1; /* version 1 of the cell format */ + strncpy(tmp+1, rendcirc->build_state->chosen_exit_name, (MAX_HEX_NICKNAME_LEN+1)); /* nul pads */ + memcpy(tmp+1+MAX_HEX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN); if (crypto_dh_get_public(cpath->handshake_state, - tmp+MAX_NICKNAME_LEN+1+REND_COOKIE_LEN, + tmp+1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN, DH_KEY_LEN)<0) { log_fn(LOG_WARN, "Couldn't extract g^x"); goto err; } + /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, + * to avoid buffer overflows? */ r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, tmp, - MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN, + 1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN, payload+DIGEST_LEN, PK_PKCS1_OAEP_PADDING, 0); if (r<0) { diff --git a/src/or/rendmid.c b/src/or/rendmid.c index a64b844343..e5a342c08e 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c 
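Review bot: The size of `tmp` is written out as a sum in the declaration and then again, term by term, in the offsets and in the length passed to crypto_pk_public_hybrid_encrypt() in the next hunk, so the declaration and its uses can drift apart the next time the cell format changes. Passing `sizeof(tmp)` as the plaintext length would tie the encrypt call to the declaration. The plaintext also grew while `payload` stays at RELAY_PAYLOAD_SIZE. Whether the encrypted output written at `payload+DIGEST_LEN` still fits depends on constants this page does not show, so an assertion or comment stating that bound next to the declaration would be worth adding. The function body continues outside the hunk.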
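Review bot: The strncpy() into `tmp+1` pads with NULs but leaves the field unterminated when `chosen_exit_name` is MAX_HEX_NICKNAME_LEN+1 bytes or longer. In that case the client silently truncates the name, then encrypts and sends a cell that the service side will reject at its memchr() check. Checking the length before the copy makes the failure local and visible, for example `if (strlen(rendcirc->build_state->chosen_exit_name) > MAX_HEX_NICKNAME_LEN) goto err;` preceded by a log_fn(LOG_WARN, ...) line. The enclosing function starts and ends outside the hunk.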
@@ -122,6 +122,8 @@ rend_mid_introduce(circuit_t *circ, const char *request, size_t request_len) goto err; } +/* change MAX_NICKNAME_LEN to MAX_HEX_NICKNAME_LEN when 0.0.8.1 and + * 0.0.9pre3-4 are obsolete. */ if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+ DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) { log_fn(LOG_WARN, @@ -153,7 +155,7 @@ rend_mid_introduce(circuit_t *circ, const char *request, size_t request_len) log_fn(LOG_WARN, "Unable to send INTRODUCE2 cell to OP."); goto err; } - /* And sent an ack down the cirecuit. Empty body->succeeded. */ + /* And sent an ack down Alice's circuit. Empty body means succeeded. */ if (connection_edge_send_command(NULL,circ,RELAY_COMMAND_INTRODUCE_ACK, NULL,0,NULL)) { log_fn(LOG_WARN, "Unable to send INTRODUCE_ACK cell to OP."); diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 028c2010dc..f44e1d34e7 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -400,13 +400,15 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l len = r; if (*buf == 1) { rp_nickname = buf+1; - nickname_field_len = HEX_DIGEST_LEN+2; + nickname_field_len = MAX_HEX_NICKNAME_LEN+1; version = 1; } else { nickname_field_len = MAX_NICKNAME_LEN+1; rp_nickname = buf; version = 0; } + /* XXX when 0.0.8.1 and 0.0.9pre3-4 are obsolete, change this to + * reject version != 1. */ ptr=memchr(rp_nickname,0,nickname_field_len); if (!ptr || ptr == rp_nickname) { log_fn(LOG_WARN, "Couldn't find a null-padded nickname in INTRODUCE2 cell"); |
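Review bot: The reminder added above the `request_len` check carries no XXX tag, unlike the two other follow-up comments this commit adds in rendclient.c and rendservice.c, and it appears to start at column 0 inside the function body. Because it marks a length bound that has to be tightened once old versions are gone, tagging and indenting it like the others keeps it findable: `/* XXX change MAX_NICKNAME_LEN to MAX_HEX_NICKNAME_LEN when 0.0.8.1 and 0.0.9pre3-4 are obsolete. */`. It would also help to state that until then the check is only a lower bound sized for version-0 cells. rend_mid_introduce continues outside the hunk.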
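Review bot: Within this hunk, the memchr() over `nickname_field_len` bytes starting at `rp_nickname` is not preceded by a comparison of `len` with the version byte plus the nickname field, and for version 1 that field is now MAX_HEX_NICKNAME_LEN+1 bytes starting at `buf+1`. If no such check exists earlier in the function, a short decrypted body lets the scan run past the `len` bytes that were actually decrypted. It could then find a NUL in stale buffer contents. A guard placed before the memchr would close that: `if (len < (rp_nickname-buf)+nickname_field_len)`, followed by a warning and the function's existing error return. rend_service_introduce starts and ends outside the hunk.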