commit 61b7e05b048c6a3fae1454a30979b34e1236eded Author: Tomás Touceda chiiph@torproject.org Date: Sat Dec 24 18:32:14 2011 -0300

Check that the auth cookie size is exactly 32bytes --- changes/bug4304 | 2 ++ src/vidalia/MainWindow.cpp | 5 +++++ 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/changes/bug4304 b/changes/bug4304 new file mode 100644 index 0000000..cc48e7e --- /dev/null +++ b/changes/bug4304 @@ -0,0 +1,2 @@ + o Check that the authentication-cookie file length is exactly 32 + bytes long. Fixes bug 4304. \ No newline at end of file diff --git a/src/vidalia/MainWindow.cpp b/src/vidalia/MainWindow.cpp index c9cb8a8..a60509f 100644 --- a/src/vidalia/MainWindow.cpp +++ b/src/vidalia/MainWindow.cpp @@ -1423,6 +1423,11 @@ MainWindow::authenticate() cookieDir = QFileInfo(cookieDir).absolutePath(); cookie = loadControlCookie(cookieDir); } + if(cookie.size() != 32) { + vWarn(QString("Cookie length has to be exactly 32 bytes long. Found %s bytes") + .arg(cookie.size())); + goto cancel; + } vNotice("Authenticating using 'cookie' authentication."); return _torControl->authenticate(cookie); } else if (authMethod == TorSettings::PasswordAuth) {