[or-cvs] r15652: Validate service name in HidServAuth config. (tor/branches/121-hs-authorization/src/or)

kloesing at seul.org kloesing at seul.org
Fri Jul 4 13:59:19 UTC 2008


Author: kloesing
Date: 2008-07-04 09:59:18 -0400 (Fri, 04 Jul 2008)
New Revision: 15652

Modified:
   tor/branches/121-hs-authorization/src/or/rendclient.c
Log:
Validate service name in HidServAuth config.

Modified: tor/branches/121-hs-authorization/src/or/rendclient.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendclient.c	2008-07-04 08:26:56 UTC (rev 15651)
+++ tor/branches/121-hs-authorization/src/or/rendclient.c	2008-07-04 13:59:18 UTC (rev 15652)
@@ -781,6 +781,7 @@
   smartlist_t *sl = smartlist_create();
   rend_service_authorization_t *auth = NULL;
   int res = 0;
+  size_t len;
   tor_assert(config_line);
   smartlist_split_string(sl, config_line, " ",
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -794,6 +795,15 @@
   service_name = smartlist_get(sl, 0);
   auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
   auth->service_name = strdup(smartlist_get(sl, 0));
+  len = strlen(auth->service_name);
+  if (len < 1 || len > 19 ||
+      strspn(auth->service_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
+    log_warn(LD_CONFIG, "HidServAuth contains an illegal service name: "
+                        "'%s'. (Length must be between 1 and 19, and "
+                        "valid characters are [A-Za-z0-9+-_].)",
+             auth->service_name);
+    goto free;
+  }
   if (auth_hid_servs && strmap_get(auth_hid_servs, auth->service_name)) {
     log_warn(LD_CONFIG, "Duplicate service name for configuration line: "
                         "'%s'", auth->service_name);



More information about the tor-commits mailing list