- tor-commits - lists.torproject.org

[tor/release-0.2.2] Add crypto_pk_check_key_public_exponent function
by nickm＠torproject.org 17 May '11

17 May '11

commit d2629f78a000486f8f994ba0ab75ceeaee67fc55 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Apr 28 12:13:03 2011 -0700 Add crypto_pk_check_key_public_exponent function --- src/common/crypto.c | 12 ++++++++++++ src/common/crypto.h | 1 + 2 files changed, 13 insertions(+), 0 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index f3268fe..6761fd7 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -656,6 +656,18 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key) return PRIVATE_KEY_OK(key); } +/** Return true iff env contains a public key whose public exponent + * equals 65537. + */ +int +crypto_pk_check_key_public_exponent(crypto_pk_env_t *env) +{ + tor_assert(env); + tor_assert(env->key); + + return BN_is_word(env->key->e, 65537); +} + /** Compare the public-key components of a and b. Return -1 if a\<b, 0 * if a==b, and 1 if a\>b. */ diff --git a/src/common/crypto.h b/src/common/crypto.h index 576c03d..0fcd067 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -92,6 +92,7 @@ size_t crypto_pk_keysize(crypto_pk_env_t *env); crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig); int crypto_pk_key_is_private(const crypto_pk_env_t *key); +int crypto_pk_check_key_public_exponent(crypto_pk_env_t *env); int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding);

1 0

[tor/release-0.2.2] Require that certain public keys have public exponent 65537
by nickm＠torproject.org 17 May '11

17 May '11

commit 987190c2bc1dc7b64f0f4acf98f6a84609c9d50c Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Apr 28 14:35:03 2011 -0700 Require that certain public keys have public exponent 65537 --- changes/check-public-key-exponents | 5 +++++ src/or/routerparse.c | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-) diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents new file mode 100644 index 0000000..a8d0067 --- /dev/null +++ b/changes/check-public-key-exponents @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Require that introduction point keys and onion keys have public + exponent 65537. Bugfix on 0.2.0.10-alpha. + + diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 7ff0e2c..ceef054 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1326,6 +1326,11 @@ router_parse_entry_from_string(const char *s, const char *end, goto err; tok = find_by_keyword(tokens, K_ONION_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_DIR, + "Relay's onion key had invalid exponent."); + goto err; + } router->onion_pkey = tok->key; tok->key = NULL; /* Prevent free */ @@ -3971,10 +3976,22 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, } /* Parse onion key. */ tok = find_by_keyword(tokens, R_IPO_ONION_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_REND, + "Introduction point's onion key had invalid exponent."); + rend_intro_point_free(intro); + goto err; + } info->onion_key = tok->key; tok->key = NULL; /* Prevent free */ /* Parse service key. */ tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_REND, + "Introduction point key had invalid exponent."); + rend_intro_point_free(intro); + goto err; + } intro->intro_key = tok->key; tok->key = NULL; /* Prevent free */ /* Add extend info to list of introduction points. */

1 0

[tor/release-0.2.2] Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 17 May '11

17 May '11

commit e908e3a332dd469af2facac0846d0dc8349a30d3 Merge: 919bf6f 4a22046 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 16 14:49:55 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 Fixed trivial conflict due to headers moving into their own .h files from or.h. Conflicts: src/or/or.h changes/check-fetched-rend-desc-service-id | 7 +++++++ changes/check-public-key-exponents | 5 +++++ src/common/crypto.c | 12 ++++++++++++ src/common/crypto.h | 1 + src/or/directory.c | 5 +++-- src/or/rendcommon.c | 22 +++++++++++++++++++++- src/or/rendcommon.h | 3 ++- src/or/routerparse.c | 17 +++++++++++++++++ 8 files changed, 68 insertions(+), 4 deletions(-) diff --cc src/or/rendcommon.h index 44b5227,0000000..c51039f mode 100644,000000..100644 --- a/src/or/rendcommon.h +++ b/src/or/rendcommon.h @@@ -1,66 -1,0 +1,67 @@@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file rendcommon.h + * \brief Header file for rendcommon.c. + **/ + +#ifndef _TOR_RENDCOMMON_H +#define _TOR_RENDCOMMON_H + +/** Free all storage associated with data */ +static INLINE void +rend_data_free(rend_data_t *data) +{ + tor_free(data); +} + +int rend_cmp_service_ids(const char *one, const char *two); + +void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, + int command, size_t length, + const uint8_t *payload); + +void rend_service_descriptor_free(rend_service_descriptor_t *desc); +rend_service_descriptor_t *rend_parse_service_descriptor(const char *str, + size_t len); +int rend_get_service_id(crypto_pk_env_t *pk, char *out); +void rend_encoded_v2_service_descriptor_free( + rend_encoded_v2_service_descriptor_t *desc); +void rend_intro_point_free(rend_intro_point_t *intro); + +void rend_cache_init(void); +void rend_cache_clean(void); +void rend_cache_clean_v2_descs_as_dir(void); +void rend_cache_purge(void); +void rend_cache_free_all(void); +int rend_valid_service_id(const char *query); +int rend_cache_lookup_desc(const char *query, int version, const char **desc, + size_t *desc_len); +int rend_cache_lookup_entry(const char *query, int version, + rend_cache_entry_t **entry_out); +int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc); - int rend_cache_store(const char *desc, size_t desc_len, int published); ++int rend_cache_store(const char *desc, size_t desc_len, int published, ++ const char *service_id); +int rend_cache_store_v2_desc_as_client(const char *desc, + const rend_data_t *rend_query); +int rend_cache_store_v2_desc_as_dir(const char *desc); +int rend_cache_size(void); +int rend_encode_v2_descriptors(smartlist_t *descs_out, + rend_service_descriptor_t *desc, time_t now, + uint8_t period, rend_auth_type_t auth_type, + crypto_pk_env_t *client_key, + smartlist_t *client_cookies); +int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, + const char *descriptor_cookie, + time_t now, uint8_t replica); +int rend_id_is_in_interval(const char *a, const char *b, const char *c); +void rend_get_descriptor_id_bytes(char *descriptor_id_out, + const char *service_id, + const char *secret_id_part); + +#endif +

1 0

[tor/release-0.2.2] squash! Add crypto_pk_check_key_public_exponent function
by nickm＠torproject.org 17 May '11

17 May '11

commit 4a22046c86bec7165e6977024ff84e2109832417 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 16 14:44:23 2011 -0400 squash! Add crypto_pk_check_key_public_exponent function Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok: it's nice to name predicates s.t. you can tell how to interpret true and false. --- src/common/crypto.c | 2 +- src/common/crypto.h | 2 +- src/or/routerparse.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 6761fd7..dffa2c7 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -660,7 +660,7 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key) * equals 65537. */ int -crypto_pk_check_key_public_exponent(crypto_pk_env_t *env) +crypto_pk_public_exponent_ok(crypto_pk_env_t *env) { tor_assert(env); tor_assert(env->key); diff --git a/src/common/crypto.h b/src/common/crypto.h index 0fcd067..8604a8d 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -92,7 +92,7 @@ size_t crypto_pk_keysize(crypto_pk_env_t *env); crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig); int crypto_pk_key_is_private(const crypto_pk_env_t *key); -int crypto_pk_check_key_public_exponent(crypto_pk_env_t *env); +int crypto_pk_public_exponent_ok(crypto_pk_env_t *env); int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index ceef054..19f9e38 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1326,7 +1326,7 @@ router_parse_entry_from_string(const char *s, const char *end, goto err; tok = find_by_keyword(tokens, K_ONION_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_DIR, "Relay's onion key had invalid exponent."); goto err; @@ -3976,7 +3976,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, } /* Parse onion key. */ tok = find_by_keyword(tokens, R_IPO_ONION_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_REND, "Introduction point's onion key had invalid exponent."); rend_intro_point_free(intro); @@ -3986,7 +3986,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, tok->key = NULL; /* Prevent free */ /* Parse service key. */ tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_REND, "Introduction point key had invalid exponent."); rend_intro_point_free(intro);

1 0

[tor/release-0.2.2] Merge branch 'maint-0.2.2' into release-0.2.2
by nickm＠torproject.org 17 May '11

17 May '11

commit c0fae841ec150930d1afc4260efa6dd942d7a260 Merge: fd105e1 e908e3a Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 16 14:55:50 2011 -0400 Merge branch 'maint-0.2.2' into release-0.2.2 changes/bug2850 | 5 ++++ changes/check-fetched-rend-desc-service-id | 7 +++++ changes/check-public-key-exponents | 5 ++++ src/common/crypto.c | 12 ++++++++++ src/common/crypto.h | 1 + src/or/connection.c | 34 +++++++++++++++++++--------- src/or/directory.c | 5 ++- src/or/rendcommon.c | 22 +++++++++++++++++- src/or/rendcommon.h | 3 +- src/or/routerparse.c | 17 ++++++++++++++ 10 files changed, 96 insertions(+), 15 deletions(-)

1 0

[tor/release-0.2.1] Merge branch 'maint-0.2.1' into release-0.2.1
by nickm＠torproject.org 17 May '11

17 May '11

commit 4a3ef002e7d775cc41ac62ce91987770f35a3d77 Merge: 109ba37 4a22046 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 16 14:55:14 2011 -0400 Merge branch 'maint-0.2.1' into release-0.2.1 changes/check-fetched-rend-desc-service-id | 7 +++++++ changes/check-public-key-exponents | 5 +++++ src/common/container.h | 2 +- src/common/crypto.c | 12 ++++++++++++ src/common/crypto.h | 1 + src/common/di_ops.c | 14 +++++++------- src/common/di_ops.h | 1 + src/or/directory.c | 5 +++-- src/or/dirvote.c | 10 ++++++---- src/or/networkstatus.c | 5 +++-- src/or/or.h | 3 ++- src/or/rendcommon.c | 22 +++++++++++++++++++++- src/or/routerlist.c | 9 +++++---- src/or/routerparse.c | 17 +++++++++++++++++ 14 files changed, 91 insertions(+), 22 deletions(-)

1 0

[tor/release-0.2.1] Another doc tweak on tor_memcmp: b, not .
by nickm＠torproject.org 17 May '11

17 May '11

commit 10d670674aa49ee6764cf93fe7d3f485a3f9ffd8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun May 15 19:56:05 2011 -0400 Another doc tweak on tor_memcmp: b, not . --- src/common/di_ops.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/common/di_ops.c b/src/common/di_ops.c index 3da033c..b22a58d 100644 --- a/src/common/di_ops.c +++ b/src/common/di_ops.c @@ -10,11 +10,11 @@ #include "di_ops.h" /** - * Timing-safe version of memcmp. As memcmp, compare the sz bytes - * at a with the sz bytes at , and return less than 0 if the - * bytes at a lexically precede those at b, 0 if the byte ranges - * are equal, and greater than zero if the bytes at a lexically follow - * those at . + * Timing-safe version of memcmp. As memcmp, compare the sz bytes at + * a with the sz bytes at b, and return less than 0 if + * the bytes at a lexically precede those at b, 0 if the byte + * ranges are equal, and greater than zero if the bytes at a lexically + * follow those at b. * * This implementation differs from memcmp in that its timing behavior is not * data-dependent: it should return in the same amount of time regardless of @@ -85,7 +85,7 @@ tor_memcmp(const void *a, const void *b, size_t len) /** * Timing-safe memory comparison. Return true if the sz bytes at - * a are the same as the sz bytes at , and 0 otherwise. + * a are the same as the sz bytes at b, and 0 otherwise. * * This implementation differs from !memcmp(a,b,sz) in that its timing * behavior is not data-dependent: it should return in the same amount of time

1 0

[tor/release-0.2.1] minor tweaks to 4b19730c8234d
by nickm＠torproject.org 17 May '11

17 May '11

commit b48f83ab8c27b6a26d4afe5177238a99637a1dc1 Author: Roger Dingledine <arma(a)torproject.org> Date: Sun May 15 19:20:42 2011 -0400 minor tweaks to 4b19730c8234d --- src/common/di_ops.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/di_ops.c b/src/common/di_ops.c index c1e292f..3da033c 100644 --- a/src/common/di_ops.c +++ b/src/common/di_ops.c @@ -3,7 +3,7 @@ /** * \file di_ops.c - * \brief Functions for data-independent operations + * \brief Functions for data-independent operations. **/ #include "orconfig.h" @@ -11,7 +11,7 @@ /** * Timing-safe version of memcmp. As memcmp, compare the sz bytes - * at a with the sz bytes at , and returns less than 0 if the + * at a with the sz bytes at , and return less than 0 if the * bytes at a lexically precede those at b, 0 if the byte ranges * are equal, and greater than zero if the bytes at a lexically follow * those at .

1 0

[tor/release-0.2.1] Fixup whitespace issues from 3122 commit
by nickm＠torproject.org 17 May '11

17 May '11

commit 00ff80e0ae3a07ff3e2148d66d59716bc4630096 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun May 15 20:06:36 2011 -0400 Fixup whitespace issues from 3122 commit --- src/common/container.h | 2 +- src/common/di_ops.h | 1 + src/or/dirvote.c | 10 ++++++---- src/or/networkstatus.c | 5 +++-- src/or/routerlist.c | 9 +++++---- 5 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/common/container.h b/src/common/container.h index bb7cb89..39619b0 100644 --- a/src/common/container.h +++ b/src/common/container.h @@ -241,7 +241,7 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join, * Example use: * SMARTLIST_FOREACH_JOIN(routerstatus_list, routerstatus_t *, rs, * routerinfo_list, routerinfo_t *, ri, - * tor_memcmp(rs->identity_digest, ri->identity_digest, 20), + * tor_memcmp(rs->identity_digest, ri->identity_digest, 20), * log_info(LD_GENERAL,"No match for %s", ri->nickname)) { * log_info(LD_GENERAL, "%s matches routerstatus %p", ri->nickname, rs); * } SMARTLIST_FOREACH_JOIN_END(rs, ri); diff --git a/src/common/di_ops.h b/src/common/di_ops.h index 4a212b0..fa7d868 100644 --- a/src/common/di_ops.h +++ b/src/common/di_ops.h @@ -28,3 +28,4 @@ int tor_memeq(const void *a, const void *b, size_t sz); #define fast_memneq(a,b,c) (0!=memcmp((a),(b),(c))) #endif + diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 9e763bd..f138198 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -314,8 +314,9 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b) if ((r = fast_memcmp(a->status.identity_digest, b->status.identity_digest, DIGEST_LEN))) return r; - if ((r = fast_memcmp(a->status.descriptor_digest, b->status.descriptor_digest, - DIGEST_LEN))) + if ((r = fast_memcmp(a->status.descriptor_digest, + b->status.descriptor_digest, + DIGEST_LEN))) return r; if ((r = (int)(b->status.published_on - a->status.published_on))) return r; @@ -823,7 +824,8 @@ networkstatus_compute_consensus(smartlist_t *votes, if (index[v_sl_idx] < size[v_sl_idx]) { rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]); if (!lowest_id || - fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN) < 0) + fast_memcmp(rs->status.identity_digest, + lowest_id, DIGEST_LEN) < 0) lowest_id = rs->status.identity_digest; } }); @@ -881,7 +883,7 @@ networkstatus_compute_consensus(smartlist_t *votes, * routerinfo and its contents are. */ rs = compute_routerstatus_consensus(matching_descs); /* Copy bits of that into rs_out. */ - tor_assert(fast_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN)); + tor_assert(fast_memeq(lowest_id, rs->status.identity_digest,DIGEST_LEN)); memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN); memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest, DIGEST_LEN); diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index dcd8159..34d1e6e 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -1433,8 +1433,9 @@ networkstatus_set_current_consensus(const char *consensus, unsigned flags) } if (current_consensus && - tor_memeq(c->networkstatus_digest, current_consensus->networkstatus_digest, - DIGEST_LEN)) { + tor_memeq(c->networkstatus_digest, + current_consensus->networkstatus_digest, + DIGEST_LEN)) { /* We already have this one. That's a failure. */ log_info(LD_DIR, "Got a consensus we already have"); goto done; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 9f04620..be7ba0e 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2008,8 +2008,8 @@ router_get_by_nickname(const char *nickname, int warn_if_unnamed) if (n_matches <= 1 || router->is_running) best_match = router; } else if (maybedigest && - tor_memeq(digest, router->cache_info.identity_digest, DIGEST_LEN) - ) { + tor_memeq(digest, router->cache_info.identity_digest, + DIGEST_LEN)) { if (router_hex_digest_matches(router, nickname)) return router; /* If we reach this point, we have a ID=name syntax that matches the @@ -4665,8 +4665,9 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei, /* The identity must match exactly to have been generated at the same time * by the same router. */ - if (tor_memneq(ri->cache_info.identity_digest, ei->cache_info.identity_digest, - DIGEST_LEN)) { + if (tor_memneq(ri->cache_info.identity_digest, + ei->cache_info.identity_digest, + DIGEST_LEN)) { if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo"; goto err; /* different servers */ }

1 0

[tor/release-0.2.1] Check fetched rendezvous descriptors' service IDs
by nickm＠torproject.org 17 May '11

17 May '11

commit 7571e9f1cb81927c5bd47190409a30c7f23ea4a1 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Wed Apr 27 13:37:08 2011 -0700 Check fetched rendezvous descriptors' service IDs --- changes/check-fetched-rend-desc-service-id | 7 +++++++ src/or/directory.c | 5 +++-- src/or/or.h | 3 ++- src/or/rendcommon.c | 22 +++++++++++++++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id new file mode 100644 index 0000000..2f37c30 --- /dev/null +++ b/changes/check-fetched-rend-desc-service-id @@ -0,0 +1,7 @@ + o Security fixes: + - When fetching a hidden service descriptor, check that it is for + the hidden service we were trying to connect to, in order to + stop a directory from pre-seeding a client with a descriptor for + a hidden service that they didn't want. Bugfix on 0.0.6. + + diff --git a/src/or/directory.c b/src/or/directory.c index 01f3375..9f9b2c1 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1909,7 +1909,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn) (int)body_len, status_code, escaped(reason)); switch (status_code) { case 200: - if (rend_cache_store(body, body_len, 0) < -1) { + if (rend_cache_store(body, body_len, 0, + conn->rend_data->onion_address) < -1) { log_warn(LD_REND,"Failed to parse rendezvous descriptor."); /* Any pending rendezvous attempts will notice when * connection_about_to_close_connection() @@ -3114,7 +3115,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, !strcmpstart(url,"/tor/rendezvous/publish")) { /* rendezvous descriptor post */ log_info(LD_REND, "Handling rendezvous descriptor post."); - if (rend_cache_store(body, body_len, 1) < 0) { + if (rend_cache_store(body, body_len, 1, NULL) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV, "Rejected rend descriptor (length %d) from %s.", (int)body_len, conn->_base.address); diff --git a/src/or/or.h b/src/or/or.h index 897ad32..976ba9f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4146,7 +4146,8 @@ int rend_cache_lookup_desc(const char *query, int version, const char **desc, int rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **entry_out); int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc); -int rend_cache_store(const char *desc, size_t desc_len, int published); +int rend_cache_store(const char *desc, size_t desc_len, int published, + const char *service_id); int rend_cache_store_v2_desc_as_client(const char *desc, const rend_data_t *rend_query); int rend_cache_store_v2_desc_as_dir(const char *desc); diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index c83573b..8727a70 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1047,9 +1047,14 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc) * * The published flag tells us if we store the descriptor * in our role as directory (1) or if we cache it as client (0). + * + * If service_id is non-NULL and the descriptor is not for that + * service ID, reject it. service_id must be specified if and + * only if published is 0 (we fetched this descriptor). */ int -rend_cache_store(const char *desc, size_t desc_len, int published) +rend_cache_store(const char *desc, size_t desc_len, int published, + const char *service_id) { rend_cache_entry_t *e; rend_service_descriptor_t *parsed; @@ -1068,6 +1073,12 @@ rend_cache_store(const char *desc, size_t desc_len, int published) rend_service_descriptor_free(parsed); return -2; } + if ((service_id != NULL) && strcmp(query, service_id)) { + log_warn(LD_REND, "Received service descriptor for service ID %s; " + "expected descriptor for service ID %s.", + query, safe_str(service_id)); + return -2; + } now = time(NULL); if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { log_fn(LOG_PROTOCOL_WARN, LD_REND, @@ -1253,6 +1264,8 @@ rend_cache_store_v2_desc_as_dir(const char *desc) * If we have an older descriptor with the same ID, replace it. * If we have any v0 descriptor with the same ID, reject this one in order * to not get confused with having both versions for the same service. + * If the descriptor's service ID does not match + * rend_query-\>onion_address, reject it. * Return -2 if it's malformed or otherwise rejected; return -1 if we * already have a v0 descriptor here; return 0 if it's the same or older * than one we've already got; return 1 if it's novel. @@ -1303,6 +1316,13 @@ rend_cache_store_v2_desc_as_client(const char *desc, retval = -2; goto err; } + if (strcmp(rend_query->onion_address, service_id)) { + log_warn(LD_REND, "Received service descriptor for service ID %s; " + "expected descriptor for service ID %s.", + service_id, safe_str(rend_query->onion_address)); + retval = -2; + goto err; + } /* Decode/decrypt introduction points. */ if (intro_content) { if (rend_query->auth_type != REND_NO_AUTH &&

1 0