[or-cvs] Verify that router fingerprint lines match identity keys. (...

Nick Mathewson nickm at seul.org
Tue Nov 15 21:24:34 UTC 2005


Update of /home/or/cvsroot/tor/src/or
In directory moria:/tmp/cvs-serv27402/src/or

Modified Files:
	routerparse.c 
Log Message:
Verify that router fingerprint lines match identity keys. (We don't use them, but others might.)

Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/routerparse.c,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -d -r1.159 -r1.160
--- routerparse.c	5 Nov 2005 20:15:27 -0000	1.159
+++ routerparse.c	15 Nov 2005 21:24:32 -0000	1.160
@@ -135,7 +135,7 @@
   { "dir-signing-key",     K_DIR_SIGNING_KEY,     ARGS,    OBJ_OK,
                                                                 DIR|NETSTATUS},
   { "family",              K_FAMILY,              ARGS,    NO_OBJ,  RTR },
-  { "fingerprint",         K_FINGERPRINT,         ARGS,    NO_OBJ, ANYSIGNED },
+  { "fingerprint",         K_FINGERPRINT,     CONCAT_ARGS, NO_OBJ, ANYSIGNED },
   { "hibernating",         K_HIBERNATING,         ARGS,    NO_OBJ,  RTR },
   { "read-history",        K_READ_HISTORY,        ARGS,    NO_OBJ,  RTR },
   { "write-history",       K_WRITE_HISTORY,       ARGS,    NO_OBJ,  RTR },
@@ -851,6 +851,25 @@
     warn(LD_DIR, "Couldn't calculate key digest"); goto err;
   }
 
+  if ((tok = find_first_by_keyword(tokens, K_FINGERPRINT))) {
+    /* If there's a fingerprint line, it must match the identity digest. */
+    char d[DIGEST_LEN];
+    if (tok->n_args < 1) {
+      warn(LD_DIR, "Too few arguments to fingerprint");
+      goto err;
+    }
+    tor_strstrip(tok->args[0], " ");
+    if (base16_decode(d, DIGEST_LEN, tok->args[0], strlen(tok->args[0]))) {
+      warn(LD_DIR, "Couldn't decode fingerprint '%s'", tok->args[0]);
+      goto err;
+    }
+    if (memcmp(d,router->cache_info.identity_digest, DIGEST_LEN)!=0) {
+      warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
+           tok->args[0]);
+      goto err;
+    }
+  }
+
   if ((tok = find_first_by_keyword(tokens, K_PLATFORM))) {
     router->platform = tor_strdup(tok->args[0]);
   }
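Review bot: The added check never requires the stripped fingerprint to be exactly 2*DIGEST_LEN hex characters before calling `base16_decode(d, DIGEST_LEN, tok->args[0], strlen(tok->args[0]))`. base16_decode is not shown on this page, but if it accepts any even-length input that fits the destination, a short fingerprint fills only part of `d`, and the following memcmp then compares uninitialized stack bytes with the identity digest, so the outcome is indeterminate. Checking the length first makes the rejection deterministic, e.g. `if (strlen(tok->args[0]) != 2*DIGEST_LEN || base16_decode(d, DIGEST_LEN, tok->args[0], 2*DIGEST_LEN)) {`. The two new warn() calls also log the descriptor-supplied string verbatim with `%s`, so consider escaping or truncating it before it reaches the log. The enclosing function starts and ends outside this hunk.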


