← Back to branch summary

~ubuntu-branches/debian/lenny/tor/lenny

« back to all changes in this revision

Viewing changes to src/or/rendservice.c

  • Committer: Package Import Robot
  • Author(s): Peter Palfrader
  • Date: 2011-12-15 21:25:18 UTC
  • mfrom: (1.6.1) (6.1.16 sid)
  • Revision ID: package-import@ubuntu.com-20111215212518-4eaqirobd1uhcmxb
Tags: 0.2.1.32-1
New upstream version, fixing a heap overflow bug related to Tor's
SOCKS code (CVE-2011-2778).

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/or/rendservice.c
506
506
        int keep_it = 0;
507
507
        tor_assert(oc->rend_data);
508
508
        SMARTLIST_FOREACH(surviving_services, rend_service_t *, ptr, {
509
 
          if (!memcmp(ptr->pk_digest, oc->rend_data->rend_pk_digest,
 
509
          if (tor_memeq(ptr->pk_digest, oc->rend_data->rend_pk_digest,
510
510
                      DIGEST_LEN) &&
511
511
              ptr->descriptor_version == oc->rend_data->rend_desc_version) {
512
512
            keep_it = 1;
806
806
                                          uint8_t version)
807
807
{
808
808
  SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
809
 
                    if (!memcmp(s->pk_digest,digest,DIGEST_LEN) &&
 
809
                    if (tor_memeq(s->pk_digest,digest,DIGEST_LEN) &&
810
810
                        s->descriptor_version == version) return s);
811
811
  return NULL;
812
812
}
846
846
 
847
847
  /* Look up client authorization by descriptor cookie. */
848
848
  SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, client, {
849
 
    if (!memcmp(client->descriptor_cookie, descriptor_cookie,
 
849
    if (tor_memeq(client->descriptor_cookie, descriptor_cookie,
850
850
                REND_DESC_COOKIE_LEN)) {
851
851
      auth_client = client;
852
852
      break;
962
962
 
963
963
  /* first DIGEST_LEN bytes of request is intro or service pk digest */
964
964
  crypto_pk_get_digest(intro_key, intro_key_digest);
965
 
  if (memcmp(intro_key_digest, request, DIGEST_LEN)) {
 
965
  if (tor_memneq(intro_key_digest, request, DIGEST_LEN)) {
966
966
    base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
967
967
                  (char*)request, REND_SERVICE_ID_LEN);
968
968
    log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).",
1151
1151
  }
1152
1152
 
1153
1153
  /* Try DH handshake... */
1154
 
  dh = crypto_dh_new();
 
1154
  dh = crypto_dh_new(DH_TYPE_REND);
1155
1155
  if (!dh || crypto_dh_generate_public(dh)<0) {
1156
1156
    log_warn(LD_BUG,"Internal error: couldn't build DH state "
1157
1157
             "or generate public key.");
1306
1306
    return -1;
1307
1307
  }
1308
1308
 
1309
 
  if (memcmp(intro->extend_info->identity_digest,
 
1309
  if (tor_memneq(intro->extend_info->identity_digest,
1310
1310
      launched->build_state->chosen_exit->identity_digest, DIGEST_LEN)) {
1311
1311
    char cann[HEX_DIGEST_LEN+1], orig[HEX_DIGEST_LEN+1];
1312
1312
    base16_encode(cann, sizeof(cann),
1593
1593
  tor_assert(intro);
1594
1594
  while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
1595
1595
                                                  CIRCUIT_PURPOSE_S_INTRO))) {
1596
 
    if (!memcmp(circ->build_state->chosen_exit->identity_digest,
 
1596
    if (tor_memeq(circ->build_state->chosen_exit->identity_digest,
1597
1597
                intro->extend_info->identity_digest, DIGEST_LEN) &&
1598
1598
        circ->rend_data &&
1599
1599
        circ->rend_data->rend_desc_version == desc_version) {
1604
1604
  circ = NULL;
1605
1605
  while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
1606
1606
                                        CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) {
1607
 
    if (!memcmp(circ->build_state->chosen_exit->identity_digest,
 
1607
    if (tor_memeq(circ->build_state->chosen_exit->identity_digest,
1608
1608
                intro->extend_info->identity_digest, DIGEST_LEN) &&
1609
1609
        circ->rend_data &&
1610
1610
        circ->rend_data->rend_desc_version == desc_version) {
1887
1887
        if (service->desc) {
1888
1888
          SMARTLIST_FOREACH(service->desc->intro_nodes, rend_intro_point_t *,
1889
1889
                            dintro, {
1890
 
            if (!memcmp(dintro->extend_info->identity_digest,
 
1890
            if (tor_memeq(dintro->extend_info->identity_digest,
1891
1891
                intro->extend_info->identity_digest, DIGEST_LEN)) {
1892
1892
              log_info(LD_REND, "The intro point we are giving up on was "
1893
1893
                                "included in the last published descriptor. "