[tor-commits] [tor/release-0.2.6] Validate the RSA key size received when parsing INTRODUCE2 cells.
nickm at torproject.org
nickm at torproject.org
Mon Apr 6 13:31:55 UTC 2015
commit 49ddd92c115c6943c4602d44f52c22b6f47698e8
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Mon Mar 30 21:53:39 2015 +0000
Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
---
changes/bug15600 | 5 +++++
src/or/rendservice.c | 10 ++++++++++
2 files changed, 15 insertions(+)
diff --git a/changes/bug15600 b/changes/bug15600
new file mode 100644
index 0000000..ee1d6cf
--- /dev/null
+++ b/changes/bug15600
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, hidden service):
+ - Fix an issue that would allow a malicious client to trigger
+ an assertion failure and halt a hidden service. Fixes
+ bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 8a4a11e..436f2f4 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1810,6 +1810,16 @@ rend_service_parse_intro_for_v2(
goto err;
}
+ if (128 != crypto_pk_keysize(extend_info->onion_key)) {
+ if (err_msg_out) {
+ tor_asprintf(err_msg_out,
+ "invalid onion key size in version %d INTRODUCE%d cell",
+ intro->version,
+ (intro->type));
+ }
+
+ goto err;
+ }
ver_specific_len = 7+DIGEST_LEN+2+klen;
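Review bot: The new guard `if (128 != crypto_pk_keysize(extend_info->onion_key))` compares against a bare literal, with no comment saying that 128 bytes means a 1024-bit RSA modulus or that this check is what keeps a client-supplied key away from the assertion described in changes/bug15600. I would use a named constant (tor's crypto.h defines `PK_BYTES` as 1024/8, if that header is in scope here) and add a comment such as `/* Reject onion keys that are not 1024-bit RSA; code that uses the key later presumably asserts on this size. */`. The error string could also include the observed key size, so that a service operator reading the logs can tell a probing client from a corrupted cell. The diffstat lists only the changes file and rendservice.c, so nothing feeds an INTRODUCE2 cell with an off-size key through this parser as a regression test; one would be worth adding. The enclosing function rend_service_parse_intro_for_v2 starts and ends outside the hunk.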