aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/or/rendclient.c13
-rw-r--r--src/or/rendmid.c4
-rw-r--r--src/or/rendservice.c4
3 files changed, 14 insertions, 7 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index e6a990bd2..f2bbdc089 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -56,7 +56,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
size_t payload_len;
int r;
char payload[RELAY_PAYLOAD_SIZE];
- char tmp[(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN];
+ char tmp[1+(MAX_HEX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN];
rend_cache_entry_t *entry;
crypt_path_t *cpath;
@@ -92,17 +92,20 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
}
/* write the remaining items into tmp */
- strncpy(tmp, rendcirc->build_state->chosen_exit_name, (MAX_NICKNAME_LEN+1)); /* nul pads */
- memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
+ tmp[0] = 1; /* version 1 of the cell format */
+ strncpy(tmp+1, rendcirc->build_state->chosen_exit_name, (MAX_HEX_NICKNAME_LEN+1)); /* nul pads */
+ memcpy(tmp+1+MAX_HEX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
if (crypto_dh_get_public(cpath->handshake_state,
- tmp+MAX_NICKNAME_LEN+1+REND_COOKIE_LEN,
+ tmp+1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN,
DH_KEY_LEN)<0) {
log_fn(LOG_WARN, "Couldn't extract g^x");
goto err;
}
+ /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
+ * to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, tmp,
- MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
+ 1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
payload+DIGEST_LEN,
PK_PKCS1_OAEP_PADDING, 0);
if (r<0) {
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index a64b84434..e5a342c08 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -122,6 +122,8 @@ rend_mid_introduce(circuit_t *circ, const char *request, size_t request_len)
goto err;
}
+/* change MAX_NICKNAME_LEN to MAX_HEX_NICKNAME_LEN when 0.0.8.1 and
+ * 0.0.9pre3-4 are obsolete. */
if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
log_fn(LOG_WARN,
@@ -153,7 +155,7 @@ rend_mid_introduce(circuit_t *circ, const char *request, size_t request_len)
log_fn(LOG_WARN, "Unable to send INTRODUCE2 cell to OP.");
goto err;
}
- /* And sent an ack down the cirecuit. Empty body->succeeded. */
+ /* And sent an ack down Alice's circuit. Empty body means succeeded. */
if (connection_edge_send_command(NULL,circ,RELAY_COMMAND_INTRODUCE_ACK,
NULL,0,NULL)) {
log_fn(LOG_WARN, "Unable to send INTRODUCE_ACK cell to OP.");
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 028c2010d..f44e1d34e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -400,13 +400,15 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
len = r;
if (*buf == 1) {
rp_nickname = buf+1;
- nickname_field_len = HEX_DIGEST_LEN+2;
+ nickname_field_len = MAX_HEX_NICKNAME_LEN+1;
version = 1;
} else {
nickname_field_len = MAX_NICKNAME_LEN+1;
rp_nickname = buf;
version = 0;
}
+ /* XXX when 0.0.8.1 and 0.0.9pre3-4 are obsolete, change this to
+ * reject version != 1. */
ptr=memchr(rp_nickname,0,nickname_field_len);
if (!ptr || ptr == rp_nickname) {
log_fn(LOG_WARN, "Couldn't find a null-padded nickname in INTRODUCE2 cell");