commit f5099ba84b5116eca6fb5d1805d9de05d5e65a0b Author: Karsten Loesing karsten.loesing@gmx.net Date: Thu Jan 7 11:53:05 2016 +0100

Add length check before parsing identity-ed25519.

Found while implementing similar functionality in metrics-lib. --- .../torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java b/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java index af145c7..a0f9dda 100644 --- a/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java +++ b/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java @@ -950,7 +950,10 @@ public class SanitizedBridgesWriter extends Thread { private String parseMasterKeyEd25519FromIdentityEd25519( String identityEd25519Base64) { byte[] identityEd25519 = Base64.decodeBase64(identityEd25519Base64); - if (identityEd25519[0] != 0x01) { + if (identityEd25519.length < 40) { + this.logger.warning("Invalid length of identity-ed25519 (in " + + "bytes): " + identityEd25519.length); + } else if (identityEd25519[0] != 0x01) { this.logger.warning("Unknown version in identity-ed25519: " + identityEd25519[0]); } else if (identityEd25519[1] != 0x04) {