diff options
| -rw-r--r-- | changes/bug33545 | 4 | ||||
| -rw-r--r-- | src/feature/control/control_hs.c | 9 | ||||
| -rw-r--r-- | src/feature/hs/hs_client.h | 2 | ||||
| -rw-r--r-- | src/test/test_hs_control.c | 14 |
4 files changed, 27 insertions, 2 deletions
diff --git a/changes/bug33545 b/changes/bug33545 new file mode 100644 index 0000000000..c051b01605 --- /dev/null +++ b/changes/bug33545 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Block a client-side assert by disallowing the registration of an x25519 + client auth key that's all zeroes. Fixes bug 33545; bugfix on + 0.4.3.1-alpha. Patch based on patch from "cypherpunks".
\ No newline at end of file diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c index d3cd363f63..f5b331de9a 100644 --- a/src/feature/control/control_hs.c +++ b/src/feature/control/control_hs.c @@ -50,11 +50,18 @@ parse_private_key_from_control_port(const char *client_privkey_str, if (base64_decode((char*)privkey->secret_key, sizeof(privkey->secret_key), key_blob, - strlen(key_blob)) != sizeof(privkey->secret_key)) { + strlen(key_blob)) != sizeof(privkey->secret_key)) { control_printf_endreply(conn, 512, "Failed to decode x25519 private key"); goto err; } + if (fast_mem_is_zero((const char*)privkey->secret_key, + sizeof(privkey->secret_key))) { + control_printf_endreply(conn, 553, + "Invalid private key \"%s\"", key_blob); + goto err; + } + retval = 0; err: diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index 3660bfa96c..d0a3a7015f 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -45,7 +45,7 @@ typedef enum { REGISTER_SUCCESS_AND_DECRYPTED, /* We failed to register these credentials, because of a bad HS address. */ REGISTER_FAIL_BAD_ADDRESS, - /* We failed to register these credentials, because of a bad HS address. */ + /* We failed to store these credentials in a persistent file on disk. */ REGISTER_FAIL_PERMANENT_STORAGE, } hs_client_register_auth_status_t; diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c index 9277711d2a..8ba9f1173c 100644 --- a/src/test/test_hs_control.c +++ b/src/test/test_hs_control.c @@ -467,6 +467,20 @@ test_hs_control_bad_onion_client_auth_add(void *arg) cp1 = buf_get_contents(TO_CONN(&conn)->outbuf, &sz); tt_str_op(cp1, OP_EQ, "512 Failed to decode x25519 private key\r\n"); + tor_free(cp1); + tor_free(args); + + /* Register with an all zero client key */ + args = tor_strdup("jt4grrjwzyz3pjkylwfau5xnjaj23vxmhskqaeyfhrfylelw4hvxcuyd " + "x25519:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="); + retval = handle_control_command(&conn, (uint32_t) strlen(args), args); + tt_int_op(retval, OP_EQ, 0); + + /* Check contents */ + cp1 = buf_get_contents(TO_CONN(&conn)->outbuf, &sz); + tt_str_op(cp1, OP_EQ, "553 Invalid private key \"AAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAA=\"\r\n"); + client_auths = get_hs_client_auths_map(); tt_assert(!client_auths); |