diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-25 17:15:22 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-01-25 17:15:22 -0500 |
| commit | 71862ed76325a97025339ea9348e2f527a4eb940 (patch) | |
| tree | c3f1b1040082fe4f932b80272f5a6d3496d0a0b5 /src/or | |
| parent | 7a446e6754b21eae1b0cfe3b0cf737ac2be964a9 (diff) | |
| download | tor-71862ed76325a97025339ea9348e2f527a4eb940.tar tor-71862ed76325a97025339ea9348e2f527a4eb940.tar.gz | |
Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.
Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/routerparse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 5ceb298b8..db7161e3d 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1088,7 +1088,7 @@ check_signature_token(const char *digest, signed_digest = tor_malloc(keysize); if (crypto_pk_public_checksig(pkey, signed_digest, keysize, tok->object_body, tok->object_size) - < DIGEST_LEN) { + < digest_len) { log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype); tor_free(signed_digest); return -1; |