[tor-commits] [atlas/master] Do not rehash invalid fingerprints

irl at torproject.org irl at torproject.org
Sat Apr 15 20:24:00 UTC 2017


commit 20acb807fb691e2c3f0948c88ef2f95fb00c9f23
Author: cypherpunks <cypherpunks at torproject.org>
Date:   Thu Mar 2 14:50:41 2017 +0000

    Do not rehash invalid fingerprints
    
    The regular expression only matches the beginning of the fingerprint.
    This allows passing invalid hexadecimal strings to the JavaScript SHA
    library which aborts further page loading.
    
    Also rename the function to reflect that it only supports one
    fingerprint argument, not an array of fingerprints.
    
    Closes #21612.
---
 js/router.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/js/router.js b/js/router.js
index 2c02dad..65cf8af 100644
--- a/js/router.js
+++ b/js/router.js
@@ -20,8 +20,8 @@ define([
     	'*actions': 'defaultAction'
     },
 
-    hashFingerprints: function(fp){
-        if (fp.match(/^[a-f0-9]{40}/i) != null)
+    hashFingerprint: function(fp){
+        if (fp.match(/^[a-f0-9]{40}$/i) != null)
             return new jsSHA(fp, "HEX").getHash("SHA-1", "HEX").toUpperCase();
         else
             return fp
@@ -36,7 +36,7 @@ define([
         $("#loading").show();
         $("#content").hide();
 
-        mainDetailsView.model.fingerprint = this.hashFingerprints(fingerprint);
+        mainDetailsView.model.fingerprint = this.hashFingerprint(fingerprint);
         mainDetailsView.model.lookup({
             success: function(relay) {
                 $("#content").show();
@@ -68,7 +68,7 @@ define([
             $("#loading").hide();
         } else {
             doSearchView.collection.url =
-                doSearchView.collection.baseurl + this.hashFingerprints(query);
+                doSearchView.collection.baseurl + this.hashFingerprint(query);
             doSearchView.collection.lookup({
                 success: function(err){
                     doSearchView.relays = doSearchView.collection.models;





More information about the tor-commits mailing list