diff options
Diffstat (limited to 'src/trunnel/hs')
-rw-r--r-- | src/trunnel/hs/cell_introduce1.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/trunnel/hs/cell_introduce1.c b/src/trunnel/hs/cell_introduce1.c index d327ea8b50..51f567655e 100644 --- a/src/trunnel/hs/cell_introduce1.c +++ b/src/trunnel/hs/cell_introduce1.c @@ -733,6 +733,7 @@ hs_cell_introduce_encrypted_new(void) hs_cell_introduce_encrypted_t *val = trunnel_calloc(1, sizeof(hs_cell_introduce_encrypted_t)); if (NULL == val) return NULL; + val->onion_key_type = 1; return val; } @@ -836,6 +837,10 @@ hs_cell_introduce_encrypted_get_onion_key_type(hs_cell_introduce_encrypted_t *in int hs_cell_introduce_encrypted_set_onion_key_type(hs_cell_introduce_encrypted_t *inp, uint8_t val) { + if (! ((val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } inp->onion_key_type = val; return 0; } @@ -1074,6 +1079,8 @@ hs_cell_introduce_encrypted_check(const hs_cell_introduce_encrypted_t *obj) if (NULL != (msg = cell_extension_check(obj->extensions))) return msg; } + if (! (obj->onion_key_type == 1)) + return "Integer out of bounds"; if (TRUNNEL_DYNARRAY_LEN(&obj->onion_key) != obj->onion_key_len) return "Length mismatch for onion_key"; { @@ -1105,7 +1112,7 @@ hs_cell_introduce_encrypted_encoded_len(const hs_cell_introduce_encrypted_t *obj /* Length of struct cell_extension extensions */ result += cell_extension_encoded_len(obj->extensions); - /* Length of u8 onion_key_type */ + /* Length of u8 onion_key_type IN [1] */ result += 1; /* Length of u16 onion_key_len */ @@ -1169,7 +1176,7 @@ hs_cell_introduce_encrypted_encode(uint8_t *output, const size_t avail, const hs goto fail; /* XXXXXXX !*/ written += result; ptr += result; - /* Encode u8 onion_key_type */ + /* Encode u8 onion_key_type IN [1] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; @@ -1273,10 +1280,12 @@ hs_cell_introduce_encrypted_parse_into(hs_cell_introduce_encrypted_t *obj, const trunnel_assert((size_t)result <= remaining); remaining -= result; ptr += result; - /* Parse u8 onion_key_type */ + /* Parse u8 onion_key_type IN [1] */ CHECK_REMAINING(1, truncated); obj->onion_key_type = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; + if (! (obj->onion_key_type == 1)) + goto fail; /* Parse u16 onion_key_len */ CHECK_REMAINING(2, truncated); @@ -1327,6 +1336,9 @@ hs_cell_introduce_encrypted_parse_into(hs_cell_introduce_encrypted_t *obj, const return result; trunnel_alloc_failed: return -1; + fail: + result = -1; + return result; } ssize_t |