mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 18:22:09 +01:00
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts: src/or/routerparse.c src/or/test.c
This commit is contained in:
commit
1393985768
6
changes/bug2352
Normal file
6
changes/bug2352
Normal file
@ -0,0 +1,6 @@
|
||||
o Minor bugfixes
|
||||
- Fix some potential asserts and partsing issues with grossly
|
||||
malformed router caches. Fixes bug 2352. Found by doorss.
|
||||
Bugfix on Tor 0.2.1.27.
|
||||
|
||||
|
@ -518,21 +518,23 @@ crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Read a PEM-encoded private key from the string <b>s</b> into <b>env</b>.
|
||||
* Return 0 on success, -1 on failure.
|
||||
/** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
|
||||
* into <b>env</b>. Return 0 on success, -1 on failure. If len is -1,
|
||||
* the string is nul-terminated.
|
||||
*/
|
||||
/* Used here, and used for testing. */
|
||||
int
|
||||
crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
|
||||
const char *s)
|
||||
const char *s, ssize_t len)
|
||||
{
|
||||
BIO *b;
|
||||
|
||||
tor_assert(env);
|
||||
tor_assert(s);
|
||||
tor_assert(len < INT_MAX && len < SIZE_T_CEILING);
|
||||
|
||||
/* Create a read-only memory BIO, backed by the NUL-terminated string 's' */
|
||||
b = BIO_new_mem_buf((char*)s, -1);
|
||||
/* Create a read-only memory BIO, backed by the string 's' */
|
||||
b = BIO_new_mem_buf((char*)s, (int)len);
|
||||
|
||||
if (env->key)
|
||||
RSA_free(env->key);
|
||||
@ -566,7 +568,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
|
||||
}
|
||||
|
||||
/* Try to parse it. */
|
||||
r = crypto_pk_read_private_key_from_string(env, contents);
|
||||
r = crypto_pk_read_private_key_from_string(env, contents, -1);
|
||||
tor_free(contents);
|
||||
if (r)
|
||||
return -1; /* read_private_key_from_string already warned, so we don't.*/
|
||||
|
@ -112,7 +112,7 @@ int crypto_pk_write_private_key_to_string(crypto_pk_env_t *env,
|
||||
int crypto_pk_read_public_key_from_string(crypto_pk_env_t *env,
|
||||
const char *src, size_t len);
|
||||
int crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
|
||||
const char *s);
|
||||
const char *s, ssize_t len);
|
||||
int crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
|
||||
const char *fname);
|
||||
|
||||
|
@ -3227,7 +3227,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
|
||||
}
|
||||
sig->good_signature = 1;
|
||||
} else {
|
||||
if (tok->object_size >= INT_MAX) {
|
||||
if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
|
||||
tor_free(sig);
|
||||
goto err;
|
||||
}
|
||||
@ -3496,7 +3496,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
|
||||
sig->alg = alg;
|
||||
memcpy(sig->identity_digest, id_digest, DIGEST_LEN);
|
||||
memcpy(sig->signing_key_digest, sk_digest, DIGEST_LEN);
|
||||
if (tok->object_size >= INT_MAX) {
|
||||
if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
|
||||
tor_free(sig);
|
||||
goto err;
|
||||
}
|
||||
@ -3814,6 +3814,10 @@ static directory_token_t *
|
||||
get_next_token(memarea_t *area,
|
||||
const char **s, const char *eos, token_rule_t *table)
|
||||
{
|
||||
/** Reject any object at least this big; it is probably an overflow, an
|
||||
* attack, a bug, or some other nonsense. */
|
||||
#define MAX_UNPARSED_OBJECT_SIZE (128*1024)
|
||||
|
||||
const char *next, *eol, *obstart;
|
||||
size_t obname_len;
|
||||
int i;
|
||||
@ -3898,7 +3902,8 @@ get_next_token(memarea_t *area,
|
||||
|
||||
obstart = *s; /* Set obstart to start of object spec */
|
||||
if (*s+16 >= eol || memchr(*s+11,'\0',eol-*s-16) || /* no short lines, */
|
||||
strcmp_len(eol-5, "-----", 5)) { /* nuls or invalid endings */
|
||||
strcmp_len(eol-5, "-----", 5) || /* nuls or invalid endings */
|
||||
(eol-*s) > MAX_UNPARSED_OBJECT_SIZE) { /* name too long */
|
||||
RET_ERR("Malformed object: bad begin line");
|
||||
}
|
||||
tok->object_type = STRNDUP(*s+11, eol-*s-16);
|
||||
@ -3923,13 +3928,16 @@ get_next_token(memarea_t *area,
|
||||
ebuf[sizeof(ebuf)-1] = '\0';
|
||||
RET_ERR(ebuf);
|
||||
}
|
||||
if (next - *s > MAX_UNPARSED_OBJECT_SIZE)
|
||||
RET_ERR("Couldn't parse object: missing footer or object much too big.");
|
||||
|
||||
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
|
||||
tok->key = crypto_new_pk_env();
|
||||
if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart))
|
||||
RET_ERR("Couldn't parse public key.");
|
||||
} else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
|
||||
tok->key = crypto_new_pk_env();
|
||||
if (crypto_pk_read_private_key_from_string(tok->key, obstart))
|
||||
if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
|
||||
RET_ERR("Couldn't parse private key.");
|
||||
} else { /* If it's something else, try to base64-decode it */
|
||||
int r;
|
||||
|
@ -745,11 +745,11 @@ test_dir_v3_networkstatus(void)
|
||||
sign_skey_leg1 = pk_generate(4);
|
||||
|
||||
test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
|
||||
AUTHORITY_SIGNKEY_1));
|
||||
AUTHORITY_SIGNKEY_1, -1));
|
||||
test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2,
|
||||
AUTHORITY_SIGNKEY_2));
|
||||
AUTHORITY_SIGNKEY_2, -1));
|
||||
test_assert(!crypto_pk_read_private_key_from_string(sign_skey_3,
|
||||
AUTHORITY_SIGNKEY_3));
|
||||
AUTHORITY_SIGNKEY_3, -1));
|
||||
|
||||
test_assert(!crypto_pk_cmp_keys(sign_skey_1, cert1->signing_key));
|
||||
test_assert(!crypto_pk_cmp_keys(sign_skey_2, cert2->signing_key));
|
||||
|
Loading…
Reference in New Issue
Block a user