
Commit 089e57d2 authored by George Kadianakis, committed by Nick Mathewson

Fix TROVE-2020-003.

Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addresses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).

In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.
parent c940b7cf
o Minor bugfixes (onion services v3):
- Fix assertion failure that could result from a corrupted ADD_ONION control
port command. Found by Saibato. Fixes bug 33137; bugfix on
0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.
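Review bot: the changes entry attributes the assertion failure to "a corrupted ADD_ONION control port command" without saying which part of the command is corrupted or what happens now. Since the fix makes hs_service_add_ephemeral() error out when the ed25519 identity key fails validation, consider saying so in the entry, so a reader can tell that such a command is now refused with an error instead of reaching the assertion.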
......@@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
goto err;
}
if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
ret = RSAE_BADPRIVKEY;
goto err;
}
/* Make sure we have at least one port. */
if (smartlist_len(service->config.ports) == 0) {
log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "
......
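Review bot: in the added block the warning "Bad ed25519 private key was provided" and the return value RSAE_BADPRIVKEY both speak of a private key, while the condition tests `ed25519_validate_pubkey(&service->keys.identity_pk)`, which is the public key. Please add a short comment above the `if` explaining that the identity public key is validated here because it is used for the onion address, and that a failure is reported as a bad private key because the caller supplies `sk`. The log text could also state that the public key belonging to the provided private key failed validation, which would make the warning easier to match to this check.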