
fixup! hs-v3: Decrypt the descriptor with client private key

dgoulet-tor committed Sep 5, 2018
1 parent 4ba612a commit 97404e3a5c5f122ba45b0228d2fcbd1914d82e28
Showing with 10 additions and 3 deletions.
  1. +10 −3 src/feature/hs/hs_descriptor.c
@@ -1133,21 +1133,28 @@ decode_auth_client(const directory_token_t *tok,
hs_desc_authorized_client_t *client)
{
int ret = -1;
size_t tok0_len, tok1_len, tok2_len;

tor_assert(tok);
tor_assert(tok->n_args >= 3);
tor_assert(client);

/* Get the length once and only once. */
tok0_len = strlen(tok->args[0]);
tok1_len = strlen(tok->args[1]);
tok2_len = strlen(tok->args[2]);

if (base64_decode((char *) client->client_id, sizeof(client->client_id),
tok->args[0], strlen(tok->args[0])) < 0) {
tok->args[0], tok0_len) != (int) tok0_len) {

asn-d6 Sep 6, 2018

Member

I think this is not right. base64_decode() returns the number of bytes written, not read. Hence we should check that the retval is what we expect to be getting out of base64, in this case I think sizeof(client->client_id) if I'm not mistaken.

e.g.:

int
digest_from_base64(char *digest, const char *d64)
{
  if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
    return 0;
  else
    return -1;
}

nmathewson Sep 6, 2018

Contributor

asn is right here. This makes me worried that this code is not tested.

goto done;
}
if (base64_decode((char *) client->iv, sizeof(client->iv),
tok->args[1], strlen(tok->args[1])) < 0) {
tok->args[1], tok1_len) != (int) tok1_len) {
goto done;
}
if (base64_decode((char *) client->encrypted_cookie,
sizeof(client->encrypted_cookie),
tok->args[2], strlen(tok->args[2])) < 0) {
tok->args[2], tok2_len) != (int) tok2_len) {
goto done;
}
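
Review bot: The three new comparisons `!= (int) tok0_len`, `!= (int) tok1_len` and `!= (int) tok2_len` check base64_decode()'s return value against the length of the base64 input, but as the inline review points out the function returns the number of bytes written, and decoded output is always shorter than its non-empty base64 text, so every well-formed token would take `goto done` with `ret` still -1. Compare against the destination sizes instead: `sizeof(client->client_id)`, `sizeof(client->iv)` and `sizeof(client->encrypted_cookie)`. That also rejects short values that would leave part of a fixed-size field unfilled, which the old `< 0` check accepted. A unit test that feeds decode_auth_client() one valid token and one truncated token would catch both cases.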

0 comments on commit 97404e3
