From 91f484cbc716e85bbc4276d07cc759ab606e7596 Mon Sep 17 00:00:00 2001
From: cathugger
Date: Thu, 12 Jul 2018 12:11:44 +0000
Subject: [PATCH] harden pseudo-YAML validation
---
 Makefile.in | 2 +-
 base32.h | 2 +-
 yaml.c | 7 +++++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 42b1a50..7c8b5db 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -419,4 +419,4 @@ test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
 test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
 test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
 vec.c.o: vec.h
-yaml.c.o: types.h yaml.h ioutil.h base64.h common.h
+yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h
diff --git a/base32.h b/base32.h
index 2e18c16..529afab 100644
--- a/base32.h
+++ b/base32.h
@@ -4,7 +4,7 @@ char *base32_to(char *dst,const u8 *src,size_t slen);
 #define BASE32_TO_LEN(l) (((l) * 8 + 4) / 5)
 // converts src string from base32
 size_t base32_from(u8 *dst,u8 *dmask,const char *src);
-// calculates length needed to store data converted from base
+// calculates length needed to store data converted from base32
 #define BASE32_FROM_LEN(l) (((l) * 5 + 7) / 8)
 // validates base32 string and optionally stores length of valid data
 // returns 1 if whole string is good, 0 if string contains invalid data
diff --git a/yaml.c b/yaml.c
index 31ea949..dc85173 100644
--- a/yaml.c
+++ b/yaml.c
@@ -10,6 +10,7 @@
 #include "types.h"
 #include "yaml.h"
 #include "ioutil.h"
+#include "base32.h"
 #include "base64.h"
 #include "common.h"
 
@@ -122,7 +123,7 @@ void yamlout_writekeys(const char *hostname,const u8 *formated_public,const u8 *
 int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname)
 {
 char line[256];
- size_t len;
+ size_t len,cnt;
 u8 pubbuf[FORMATTED_PUBLIC_LEN];
 u8 secbuf[FORMATTED_SECRET_LEN];
 int hashost = 0,haspub = 0,hassec = 0,skipthis = 0;
@@ -198,7 +199,9 @@ int yamlin_parseandcreate(FILE *fin,char *sname,const char *hostname)
 len = strlen(p);
 switch (keyt) {
 case HOST:
- if (len != ONION_LEN) {
+ if (len != ONION_LEN || base32_valid(p,&cnt) || cnt != BASE32_TO_LEN(PUBONION_LEN) ||
+ strcmp(&p[cnt],&hostname_example[cnt]) != 0)
+ {
 fprintf(stderr,"ERROR: invalid hostname syntax\n");
 return 1;
 }
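Review bot: In the new HOST check, `base32_valid(p,&cnt)` sits in a chain of rejection conditions, so it reads as if a valid base32 name were being refused. Going by the base32.h comment it returns 1 only when the whole string is base32, so a true result here means the suffix is missing, and the call is mainly there to fill `cnt`. A comment above the condition would make that explicit, e.g. `/* base32_valid() returns 1 only if the whole string is base32; a hostname has a suffix, so expect 0 with cnt = length of the base32 prefix */`. The `cnt` comparisons also rely on base32_valid() storing the prefix length when it returns 0, which the header comment suggests but this diff does not show, and `cnt` is declared without an initializer in the earlier yaml.c hunk. yamlin_parseandcreate starts and ends outside the hunk.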