Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix a bug in parsing HashedControlPassword.

svn:r3143
Nick Mathewson 21 years ago
parent
6cc7d32afc
commit
1e71b83890
3 changed files with 28 additions and 6 deletions
Unified View Show Diff Stats
  1. 1 3
      src/or/config.c
  2. 26 3
      src/or/control.c
  3. 1 0
      src/or/or.h

+ 1 - 3
src/or/config.c
View File 

@@ -1402,9 +1402,7 @@ options_validate(or_options_t *options)
 
   }
 
   }
 
 
 
   if (options->HashedControlPassword) {
 
   if (options->HashedControlPassword) {
 
-    char buf[S2K_SPECIFIER_LEN+DIGEST_LEN];
 
-    if (base64_decode(buf,sizeof(buf),options->HashedControlPassword,
 
-                      strlen(options->HashedControlPassword)!=sizeof(buf))) {
 
+    if (decode_hashed_password(NULL, options->HashedControlPassword)<0) {
 
       log_fn(LOG_WARN,"Bad HashedControlPassword: wrong length or bad base64");
 
       log_fn(LOG_WARN,"Bad HashedControlPassword: wrong length or bad base64");
 
       result = -1;
 
       result = -1;
 
     }
 
     }

+ 26 - 3
src/or/control.c
View File 

@@ -324,6 +324,31 @@ handle_control_setevents(connection_t *conn, uint16_t len, const char *body)
 
   return 0;
 
   return 0;
 
 }
 
 }
 
 
 
+/** Decode the hashed, base64'd password stored in <b>hashed</b>.  If
 
+ * <b>buf</b> is provided, store the hashed password in the first
 
+ * S2K_SPECIFIER_LEN+DIGEST_LEN bytes of <b>buf</b>.  Return 0 on
 
+ * success, -1 on failure.
 
+ */
 
+int
 
+decode_hashed_password(char *buf, const char *hashed)
 
+{
 
+  size_t len = strlen(hashed)+2;
 
+  char *base64 = tor_malloc(len);
 
+  char decoded[64];
 
+  int r;
 
+  if (tor_snprintf(base64, len, "%s\n", hashed)<0)
 
+    return -1;
 
+  if ((r =  base64_decode(decoded, sizeof(decoded),
 
+                          base64, strlen(base64))) !=
 
+      S2K_SPECIFIER_LEN+DIGEST_LEN) {
 
+    printf("BB %d\n",r);
 
+    return -1;
 
+  }
 
+  if (buf)
 
+    memcpy(buf, decoded, sizeof(decoded));
 
+  return 0;
 
+}
 
+
 
 /** Called when we get an AUTHENTICATE message.  Check whether the
 
 /** Called when we get an AUTHENTICATE message.  Check whether the
 
  * authentication is valid, and if so, update the connection's state to
 
  * authentication is valid, and if so, update the connection's state to
 
  * OPEN.  Reply with DONE or ERROR.
 
  * OPEN.  Reply with DONE or ERROR.
 
@@ -340,9 +365,7 @@ handle_control_authenticate(connection_t *conn, uint16_t len, const char *body)
 
   } else if (options->HashedControlPassword) {
 
   } else if (options->HashedControlPassword) {
 
     char expected[S2K_SPECIFIER_LEN+DIGEST_LEN];
 
     char expected[S2K_SPECIFIER_LEN+DIGEST_LEN];
 
     char received[DIGEST_LEN];
 
     char received[DIGEST_LEN];
 
-    if (base64_decode(expected,sizeof(expected),
 
-                      options->HashedControlPassword,
 
-                      strlen(options->HashedControlPassword))<0) {
 
+    if (decode_hashed_password(expected, options->HashedControlPassword)<0) {
 
       log_fn(LOG_WARN,"Couldn't decode HashedControlPassword: invalid base64");
 
       log_fn(LOG_WARN,"Couldn't decode HashedControlPassword: invalid base64");
 
       goto err;
 
       goto err;
 
     }
 
     }

+ 1 - 0
src/or/or.h
View File 

@@ -1294,6 +1294,7 @@ int control_event_bandwidth_used(uint32_t n_read, uint32_t n_written);
 
 void control_event_logmsg(int severity, const char *msg);
 
 void control_event_logmsg(int severity, const char *msg);
 
 
 
 int init_cookie_authentication(int enabled);
 
 int init_cookie_authentication(int enabled);
 
+int decode_hashed_password(char *buf, const char *hashed);
 
 
 
 /********************************* cpuworker.c *****************************/
 
 /********************************* cpuworker.c *****************************/