Fix remotely triggerable assert during ip decryption

author Dan Rosenberg <dan.j.rosenberg@gmail.com>

Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)

committer Sebastian Hahn <sebastian@torproject.org>

Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)
author Dan Rosenberg <dan.j.rosenberg@gmail.com>
Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)
committer Sebastian Hahn <sebastian@torproject.org>
Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c

index 19f9e38a9a92eb4b1f6b86f2d4f42bd6679670bd..843fc79c8297cccd7cd55f8237372781d4b0715b 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3858,6 +3858,11 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
      crypto_cipher_env_t *cipher;
      char *dec;
      int declen;
+    if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
+      log_warn(LD_REND, "Size of encrypted introduction points is too "
+                        "small.");
+      return -1;
+    }
      dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1);
      cipher = crypto_create_init_cipher(descriptor_cookie, 0);
      declen = crypto_cipher_decrypt_with_iv(cipher, dec,
author	Dan Rosenberg <dan.j.rosenberg@gmail.com>
	Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)
committer	Sebastian Hahn <sebastian@torproject.org>
	Sun, 6 Nov 2011 16:23:14 +0000 (17:23 +0100)