[tor-bugs] #14905 [Tor]: client descriptor-cookies are wrong for stealth auth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 16 05:59:19 UTC 2015
#14905: client descriptor-cookies are wrong for stealth auth
--------------------+----------------------------------
Reporter: meejah | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+----------------------------------
Tor writes the descriptor-cookies for stealth-authentications into two
spots: "client_keys" and the "hostname" files. In the client_keys file,
there appears to be an off-by-one in rendservice.c:1026, around this code:
if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
extended_desc_cookie,
REND_DESC_COOKIE_LEN+1) < 0) {
log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
goto err;
}
The REND_DESC_COOKIE_LEN shouldn't have the +1, I don't believe. (Or, the
base64_encode call higher up *should* have one). In any case, both
descriptor cookies are the same after that change (and work).
This is in master, as of commit 3bcdb26267502e0d1de5d01854c8a2cf29a5e5f4
I put a simple fix in https://github.com/meejah/tor/tree/descriptor-
cookie-serialization
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14905>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list