[tor-commits] [tor/master] Make hidden service authorization work again.

Fri Feb 15 21:30:01 UTC 2013

commit f12fafac5a6ab02fa2544eafef8dead847f7353e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Feb 11 15:42:57 2013 -0500

    Make hidden service authorization work again.
    
    The refactoring in commit 471ab340325 wasn't complete enough: we
    were checking the auth_len variable, but never actually setting it,
    so it would never seem that authentication had been provided.
    
    This commit also removes a bunch of unused variables from
    rend_service_introduce, whose unusedness we hadn't noticed because
    we were wiping them at the end of the function.
    
    Fix for bug 8207; bugfix on 0.2.4.1-alpha.
---
 changes/bug8207      |    7 +++++++
 src/or/rendservice.c |   12 +++---------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/changes/bug8207 b/changes/bug8207
new file mode 100644
index 0000000..0028d33
--- /dev/null
+++ b/changes/bug8207
@@ -0,0 +1,7 @@
+  o Major bugfixes (hidden services):
+    - Allow hidden service authentication to succeed again. When we
+      refactored the hidden service introduction code back in 0.2.4.1-alpha,
+      we didn't update the code that checks whether authentication
+      information is present, causing all authentication checks to
+      return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
+      Coverity; this is CID 718615. 
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 10d232c..a066e02 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1119,11 +1119,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   crypt_path_t *cpath = NULL;
   char hexcookie[9];
   int circ_needs_uptime;
-  char intro_key_digest[DIGEST_LEN];
-  size_t auth_len = 0;
-  char auth_data[REND_DESC_COOKIE_LEN];
   time_t now = time(NULL);
-  char diffie_hellman_hash[DIGEST_LEN];
   time_t elapsed;
   int replay;
 
@@ -1296,8 +1292,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 
   /* If the service performs client authorization, check included auth data. */
   if (service->clients) {
-    if (auth_len > 0) {
-      if (rend_check_authorization(service, auth_data)) {
+    if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
+      if (rend_check_authorization(service,
+                                   (const char*)parsed_req->u.v3.auth_data)) {
         log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
       } else {
         log_info(LD_REND, "The authorization data that are contained in "
@@ -1410,9 +1407,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   memwipe(buf, 0, sizeof(buf));
   memwipe(serviceid, 0, sizeof(serviceid));
   memwipe(hexcookie, 0, sizeof(hexcookie));
-  memwipe(intro_key_digest, 0, sizeof(intro_key_digest));
-  memwipe(auth_data, 0, sizeof(auth_data));
-  memwipe(diffie_hellman_hash, 0, sizeof(diffie_hellman_hash));
 
   /* Free the parsed cell */
   if (parsed_req) {



