Commit 358ce9a1 authored by Nick Mathewson's avatar Nick Mathewson 🥔 Committed by Mike Perry

Add a size argument for the buffer on onion handshake functions

parent d057f45c
+16 −3
@@ -103,19 +103,23 @@ onion_handshake_state_release(onion_handshake_state_t *state)

/** Perform the first step of a circuit-creation handshake of type <b>type</b>
 * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in
 * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>.
 * <b>onion_skin_out</b> with length of up to <b>onion_skin_out_maxlen</b>,
 * and store any state information in <b>state_out</b>.
 * Return -1 on failure, and the length of the onionskin on acceptance.
 */
int
onion_skin_create(int type,
                  const extend_info_t *node,
                  onion_handshake_state_t *state_out,
                  uint8_t *onion_skin_out)
                  uint8_t *onion_skin_out,
                  size_t onion_skin_out_maxlen)
{
  int r = -1;

  switch (type) {
  case ONION_HANDSHAKE_TYPE_TAP:
    if (onion_skin_out_maxlen < TAP_ONIONSKIN_CHALLENGE_LEN)
      return -1;
    if (!node->onion_key)
      return -1;

@@ -133,6 +137,8 @@ onion_skin_create(int type,
    r = CREATE_FAST_LEN;
    break;
  case ONION_HANDSHAKE_TYPE_NTOR:
    if (onion_skin_out_maxlen < NTOR_ONIONSKIN_LEN)
      return -1;
   if (!extend_info_supports_ntor(node))
      return -1;
    if (onion_skin_ntor_create((const uint8_t*)node->identity_digest,
@@ -175,6 +181,7 @@ onion_skin_server_handshake(int type,
                      const uint8_t *onion_skin, size_t onionskin_len,
                      const server_onion_keys_t *keys,
                      uint8_t *reply_out,
                      size_t reply_out_maxlen,
                      uint8_t *keys_out, size_t keys_out_len,
                      uint8_t *rend_nonce_out)
{
@@ -182,6 +189,8 @@ onion_skin_server_handshake(int type,

  switch (type) {
  case ONION_HANDSHAKE_TYPE_TAP:
    if (reply_out_maxlen < TAP_ONIONSKIN_REPLY_LEN)
      return -1;
    if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
      return -1;
    if (onion_skin_TAP_server_handshake((const char*)onion_skin,
@@ -193,6 +202,8 @@ onion_skin_server_handshake(int type,
    memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
    break;
  case ONION_HANDSHAKE_TYPE_FAST:
    if (reply_out_maxlen < CREATED_FAST_LEN)
      return -1;
    if (onionskin_len != CREATE_FAST_LEN)
      return -1;
    if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
@@ -201,6 +212,8 @@ onion_skin_server_handshake(int type,
    memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
    break;
  case ONION_HANDSHAKE_TYPE_NTOR:
    if (reply_out_maxlen < NTOR_REPLY_LEN)
      return -1;
    if (onionskin_len < NTOR_ONIONSKIN_LEN)
      return -1;
    {
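Review bot: The ONION_HANDSHAKE_TYPE_FAST case of onion_skin_create appears to get no capacity check: the TAP and NTOR cases now compare `onion_skin_out_maxlen` with the length they write, but the FAST case sits in the unchanged lines between the first two hunks and still ends with `r = CREATE_FAST_LEN;`. If so, a caller that passes a short buffer on the FAST path is not rejected the way the other two paths now are. Adding `if (onion_skin_out_maxlen < CREATE_FAST_LEN) return -1;` at the top of that case would make all three consistent, as onion_skin_server_handshake already is. The start of the FAST case is outside the hunks, so this should be confirmed against the full file.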
+3 −1
@@ -25,11 +25,13 @@ void onion_handshake_state_release(onion_handshake_state_t *state);
int onion_skin_create(int type,
                      const extend_info_t *node,
                      onion_handshake_state_t *state_out,
                      uint8_t *onion_skin_out);
                      uint8_t *onion_skin_out,
                      size_t onion_skin_out_maxlen);
int onion_skin_server_handshake(int type,
                      const uint8_t *onion_skin, size_t onionskin_len,
                      const server_onion_keys_t *keys,
                      uint8_t *reply_out,
                      size_t reply_out_maxlen,
                      uint8_t *keys_out, size_t key_out_len,
                      uint8_t *rend_nonce_out);
int onion_skin_client_handshake(int type,
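Review bot: The prototype of onion_skin_server_handshake names its key-length parameter `key_out_len`, while the definition in the first file section uses `keys_out_len`; since this commit edits the prototype anyway, the two could be aligned. The new `onion_skin_out_maxlen` and `reply_out_maxlen` parameters are also undocumented in this header. A short comment such as `/* reply_out_maxlen: capacity of reply_out in bytes; returns -1 if it is too small for the handshake type */` would tell callers what to pass.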
+1 −0
@@ -426,6 +426,7 @@ cpuworker_onion_handshake_threadfn(void *state_, void *work_)
                                  cc->onionskin, cc->handshake_len,
                                  onion_keys,
                                  cell_out->reply,
                                  sizeof(cell_out->reply),
                                  rpl.keys, CPATH_KEY_MATERIAL_LEN,
                                  rpl.rend_auth_material);
  if (n < 0) {
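Review bot: `sizeof(cell_out->reply)` gives the buffer's capacity only while `reply` is declared as an array member; its declaration is not visible here, so that is assumed. If the field ever became a pointer, the expression would silently pass the pointer size, and the new length checks would most likely reject every handshake. The other call sites in this commit rely on the same assumption (`sizeof(cc.onionskin)`, `sizeof(ec.create_cell.onionskin)`, `sizeof(created_cell.reply)`). A comment at the struct definitions noting that callers take `sizeof` of these fields would guard against that. The enclosing function starts and ends outside this hunk.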
+4 −2
@@ -995,7 +995,8 @@ circuit_send_first_onion_skin(origin_circuit_t *circ)
  len = onion_skin_create(cc.handshake_type,
                          circ->cpath->extend_info,
                          &circ->cpath->handshake_state,
                          cc.onionskin);
                          cc.onionskin,
                          sizeof(cc.onionskin));
  if (len < 0) {
    log_warn(LD_CIRC,"onion_skin_create (first hop) failed.");
    return - END_CIRC_REASON_INTERNAL;
@@ -1142,7 +1143,8 @@ circuit_send_intermediate_onion_skin(origin_circuit_t *circ,
  len = onion_skin_create(ec.create_cell.handshake_type,
                          hop->extend_info,
                          &hop->handshake_state,
                          ec.create_cell.onionskin);
                          ec.create_cell.onionskin,
                          sizeof(ec.create_cell.onionskin));
  if (len < 0) {
    log_warn(LD_CIRC,"onion_skin_create failed.");
    return - END_CIRC_REASON_INTERNAL;
+1 −0
@@ -367,6 +367,7 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
                                       create_cell->handshake_len,
                                       NULL,
                                       created_cell.reply,
                                       sizeof(created_cell.reply),
                                       keys, CPATH_KEY_MATERIAL_LEN,
                                       rend_circ_nonce);
    tor_free(create_cell);