Skip to content

Commit

Permalink
fixup! hs-v3: Decrypt the descriptor with client private key
Browse files Browse the repository at this point in the history
  • Loading branch information
@dgoulet-tor
dgoulet-tor committed Sep 5, 2018
1 parent 4ba612a commit 97404e3
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/feature/hs/hs_descriptor.c
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -1133,21 +1133,28 @@ decode_auth_client(const directory_token_t *tok,
hs_desc_authorized_client_t *client) hs_desc_authorized_client_t *client)
{ {
int ret = -1; int ret = -1;
size_t tok0_len, tok1_len, tok2_len;

tor_assert(tok); tor_assert(tok);
tor_assert(tok->n_args >= 3); tor_assert(tok->n_args >= 3);
tor_assert(client); tor_assert(client);


/* Get the length once and only once. */
tok0_len = strlen(tok->args[0]);
tok1_len = strlen(tok->args[1]);
tok2_len = strlen(tok->args[2]);

if (base64_decode((char *) client->client_id, sizeof(client->client_id), if (base64_decode((char *) client->client_id, sizeof(client->client_id),
tok->args[0], strlen(tok->args[0])) < 0) { tok->args[0], tok0_len) != (int) tok0_len) {

This comment has been minimized.

Sign in to view

Copy link
@asn-d6

asn-d6 Sep 6, 2018

Member

I think this is not right. base64_decode() returns the number of bytes written, not read. Hence we should check that the retval is what we expect to be getting out of base64, in this case I think sizeof(client->client_id) if I'm not mistaken.

e.g.:

digest_from_base64(char *digest, const char *d64)
{
  if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
    return 0;
  else
    return -1;
}

This comment has been minimized.

Sign in to view

Copy link
@nmathewson

nmathewson Sep 6, 2018

Contributor

asn is right here.This makes me worried that this code is not tested.
goto done; goto done;
} }
if (base64_decode((char *) client->iv, sizeof(client->iv), if (base64_decode((char *) client->iv, sizeof(client->iv),
tok->args[1], strlen(tok->args[1])) < 0) { tok->args[1], tok1_len) != (int) tok1_len) {
goto done; goto done;
} }
if (base64_decode((char *) client->encrypted_cookie, if (base64_decode((char *) client->encrypted_cookie,
sizeof(client->encrypted_cookie), sizeof(client->encrypted_cookie),
tok->args[2], strlen(tok->args[2])) < 0) { tok->args[2], tok2_len) != (int) tok2_len) {
goto done; goto done;
} }


Expand Down

0 comments on commit 97404e3

Please sign in to comment.