[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [metrics-db/master] Add length check before parsing identity-ed25519.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [metrics-db/master] Add length check before parsing identity-ed25519.
From: karsten@xxxxxxxxxxxxxx
Date: Thu, 7 Jan 2016 11:10:05 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 Jan 2016 06:10:16 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Karsten Loesing <karsten.loesing@xxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit f5099ba84b5116eca6fb5d1805d9de05d5e65a0b
Author: Karsten Loesing <karsten.loesing@xxxxxxx>
Date:   Thu Jan 7 11:53:05 2016 +0100

    Add length check before parsing identity-ed25519.
    
    Found while implementing similar functionality in metrics-lib.
---
 .../torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java   |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java b/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java
index af145c7..a0f9dda 100644
--- a/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java
+++ b/src/org/torproject/ernie/db/bridgedescs/SanitizedBridgesWriter.java
@@ -950,7 +950,10 @@ public class SanitizedBridgesWriter extends Thread {
   private String parseMasterKeyEd25519FromIdentityEd25519(
       String identityEd25519Base64) {
     byte[] identityEd25519 = Base64.decodeBase64(identityEd25519Base64);
-    if (identityEd25519[0] != 0x01) {
+    if (identityEd25519.length < 40) {
+      this.logger.warning("Invalid length of identity-ed25519 (in "
+          + "bytes): " + identityEd25519.length);
+    } else if (identityEd25519[0] != 0x01) {
       this.logger.warning("Unknown version in identity-ed25519: "
           + identityEd25519[0]);
     } else if (identityEd25519[1] != 0x04) {

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [globe/master] Merge remote-tracking branch 'leivaburto/task-16962'
Next by Author: [tor-commits] [metrics-web/master] Cache previously parsed/formatted dates.
Previous by thread: [tor-commits] [webwml/master] Add new TBB version
Next by thread: [tor-commits] [metrics-web/master] Cache previously parsed/formatted dates.
Index(es):
- Author
- Thread