[tor-commits] [vidalia/master] Check that the auth cookie size is exactly 32bytes

chiiph at torproject.org chiiph at torproject.org
Sat Dec 24 22:27:49 UTC 2011


commit 61b7e05b048c6a3fae1454a30979b34e1236eded
Author: Tomás Touceda <chiiph at torproject.org>
Date:   Sat Dec 24 18:32:14 2011 -0300

    Check that the auth cookie size is exactly 32bytes
---
 changes/bug4304            |    2 ++
 src/vidalia/MainWindow.cpp |    5 +++++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/changes/bug4304 b/changes/bug4304
new file mode 100644
index 0000000..cc48e7e
--- /dev/null
+++ b/changes/bug4304
@@ -0,0 +1,2 @@
+  o Check that the authentication-cookie file length is exactly 32
+    bytes long. Fixes bug 4304.
\ No newline at end of file
diff --git a/src/vidalia/MainWindow.cpp b/src/vidalia/MainWindow.cpp
index c9cb8a8..a60509f 100644
--- a/src/vidalia/MainWindow.cpp
+++ b/src/vidalia/MainWindow.cpp
@@ -1423,6 +1423,11 @@ MainWindow::authenticate()
       cookieDir = QFileInfo(cookieDir).absolutePath();
       cookie = loadControlCookie(cookieDir);
     }
+    if(cookie.size() != 32) {
+      vWarn(QString("Cookie length has to be exactly 32 bytes long. Found %s bytes")
+            .arg(cookie.size()));
+      goto cancel;
+    }
     vNotice("Authenticating using 'cookie' authentication.");
     return _torControl->authenticate(cookie);
   } else if (authMethod == TorSettings::PasswordAuth) {





More information about the tor-commits mailing list