channeldb/addr: sanity check onion address length before writing to db

This commit is contained in:
Johan T. Halseth 2019-01-17 14:11:56 +01:00
parent e2e00f9dd2
commit 6a3e1423d2
No known key found for this signature in database
GPG Key ID: 15BAADA29DA20D26

@ -69,7 +69,8 @@ func encodeTCPAddr(w io.Writer, addr *net.TCPAddr) error {
// representation. // representation.
func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error { func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
var suffixIndex int var suffixIndex int
switch len(addr.OnionService) { hostLen := len(addr.OnionService)
switch hostLen {
case tor.V2Len: case tor.V2Len:
if _, err := w.Write([]byte{byte(v2OnionAddr)}); err != nil { if _, err := w.Write([]byte{byte(v2OnionAddr)}); err != nil {
return err return err
@ -84,12 +85,29 @@ func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
return errors.New("unknown onion service length") return errors.New("unknown onion service length")
} }
suffix := addr.OnionService[suffixIndex:]
if suffix != tor.OnionSuffix {
return fmt.Errorf("invalid suffix \"%v\"", suffix)
}
host, err := tor.Base32Encoding.DecodeString( host, err := tor.Base32Encoding.DecodeString(
addr.OnionService[:suffixIndex], addr.OnionService[:suffixIndex],
) )
if err != nil { if err != nil {
return err return err
} }
// Sanity check the decoded length.
switch {
case hostLen == tor.V2Len && len(host) != tor.V2DecodedLen:
return fmt.Errorf("onion service %v decoded to invalid host %x",
addr.OnionService, host)
case hostLen == tor.V3Len && len(host) != tor.V3DecodedLen:
return fmt.Errorf("onion service %v decoded to invalid host %x",
addr.OnionService, host)
}
if _, err := w.Write(host); err != nil { if _, err := w.Write(host); err != nil {
return err return err
} }