[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [atlas/master] Do not rehash invalid fingerprints
commit 20acb807fb691e2c3f0948c88ef2f95fb00c9f23
Author: cypherpunks <cypherpunks@xxxxxxxxxxxxxx>
Date: Thu Mar 2 14:50:41 2017 +0000
Do not rehash invalid fingerprints
The regular expression only matches the beginning of the fingerprint.
This allows passing invalid hexadecimal strings to the JavaScript SHA
library which aborts further page loading.
Also rename the function to reflect that it only supports one
fingerprint argument, not an array of fingerprints.
Closes #21612.
---
js/router.js | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/js/router.js b/js/router.js
index 2c02dad..65cf8af 100644
--- a/js/router.js
+++ b/js/router.js
@@ -20,8 +20,8 @@ define([
'*actions': 'defaultAction'
},
- hashFingerprints: function(fp){
- if (fp.match(/^[a-f0-9]{40}/i) != null)
+ hashFingerprint: function(fp){
+ if (fp.match(/^[a-f0-9]{40}$/i) != null)
return new jsSHA(fp, "HEX").getHash("SHA-1", "HEX").toUpperCase();
else
return fp
@@ -36,7 +36,7 @@ define([
$("#loading").show();
$("#content").hide();
- mainDetailsView.model.fingerprint = this.hashFingerprints(fingerprint);
+ mainDetailsView.model.fingerprint = this.hashFingerprint(fingerprint);
mainDetailsView.model.lookup({
success: function(relay) {
$("#content").show();
@@ -68,7 +68,7 @@ define([
$("#loading").hide();
} else {
doSearchView.collection.url =
- doSearchView.collection.baseurl + this.hashFingerprints(query);
+ doSearchView.collection.baseurl + this.hashFingerprint(query);
doSearchView.collection.lookup({
success: function(err){
doSearchView.relays = doSearchView.collection.models;
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits