[tor-commits] [atlas/master] Do not rehash invalid fingerprints
irl at torproject.org
irl at torproject.org
Sat Apr 15 20:24:00 UTC 2017
commit 20acb807fb691e2c3f0948c88ef2f95fb00c9f23
Author: cypherpunks <cypherpunks at torproject.org>
Date: Thu Mar 2 14:50:41 2017 +0000
Do not rehash invalid fingerprints
The regular expression only matches the beginning of the fingerprint.
This allows passing invalid hexadecimal strings to the JavaScript SHA
library which aborts further page loading.
Also rename the function to reflect that it only supports one
fingerprint argument, not an array of fingerprints.
Closes #21612.
---
js/router.js | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/js/router.js b/js/router.js
index 2c02dad..65cf8af 100644
--- a/js/router.js
+++ b/js/router.js
@@ -20,8 +20,8 @@ define([
'*actions': 'defaultAction'
},
- hashFingerprints: function(fp){
- if (fp.match(/^[a-f0-9]{40}/i) != null)
+ hashFingerprint: function(fp){
+ if (fp.match(/^[a-f0-9]{40}$/i) != null)
return new jsSHA(fp, "HEX").getHash("SHA-1", "HEX").toUpperCase();
else
return fp
@@ -36,7 +36,7 @@ define([
$("#loading").show();
$("#content").hide();
- mainDetailsView.model.fingerprint = this.hashFingerprints(fingerprint);
+ mainDetailsView.model.fingerprint = this.hashFingerprint(fingerprint);
mainDetailsView.model.lookup({
success: function(relay) {
$("#content").show();
@@ -68,7 +68,7 @@ define([
$("#loading").hide();
} else {
doSearchView.collection.url =
- doSearchView.collection.baseurl + this.hashFingerprints(query);
+ doSearchView.collection.baseurl + this.hashFingerprint(query);
doSearchView.collection.lookup({
success: function(err){
doSearchView.relays = doSearchView.collection.models;
More information about the tor-commits
mailing list