Fix bug in verifying directory signatures with short digests

If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.

diff --git a/changes/bug2409 b/changes/bug2409
new file mode 100644 (file)
index 0000000..5523458
--- /dev/null
+++ b/changes/bug2409
@@ -0,0 +1,4 @@
+  o Minor bugfixes
+    - Resolve a bug in verifying signatures of directory objects
+      with digests longer than SHA1.  Bugfix on 0.2.2.20-alpha;
+      fixes bug 2409; found by "piebeer".

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 5ceb298b8b76f04108b0539174a22d6ceeeab647..db7161e3da691301b81cb45036963adcc757b5a2 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1088,7 +1088,7 @@ check_signature_token(const char *digest,
   signed_digest = tor_malloc(keysize);
   if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
                                 tok->object_body, tok->object_size)
-      < DIGEST_LEN) {
+      < digest_len) {
     log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
     tor_free(signed_digest);
     return -1;