tDrop out of handlePost sooner if there are missing fields. - tordam - A library for peer discovery inside the Tor network
(HTM) git clone https://git.parazyd.org/tordam
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 6b40d0567149017082560dce7d7aebcd8949eb28
(DIR) parent 3062484b289c2253d713ee5131288287e5c5d6db
(HTM) Author: parazyd <parazyd@dyne.org>
Date: Mon, 11 Dec 2017 14:48:07 +0100
Drop out of handlePost sooner if there are missing fields.
This commit also fixes a bug in ValidateReq when there's an invalid
signature. Note to self: maybe handle this better in VerifyMsgRsa?
Diffstat:
M cmd/dam-dir/main.go | 9 +++++++--
M pkg/damlib/validate.go | 4 ++--
2 files changed, 9 insertions(+), 4 deletions(-)
---
(DIR) diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go
t@@ -61,15 +61,20 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
return
}
- decoder := json.NewDecoder(request.Body)
-
var n nodeStruct
+ decoder := json.NewDecoder(request.Body)
err := decoder.Decode(&n)
if err != nil {
log.Println("Failed decoding request:", err)
return
}
+ // Drop out ASAP.
+ if len(n.Nodetype) == 0 || len(n.Address) == 0 ||
+ len(n.Message) == 0 || len(n.Signature) == 0 {
+ return
+ }
+
decSig, err := base64.StdEncoding.DecodeString(n.Signature)
if err != nil {
log.Println("Failed decoding signature:", err)
(DIR) diff --git a/pkg/damlib/validate.go b/pkg/damlib/validate.go
t@@ -63,9 +63,9 @@ func ValidateReq(req map[string]string, pubkey string) ([]byte, bool) {
pub, err := ParsePubkeyRsa([]byte(pubkey))
CheckError(err)
- val, err := VerifyMsgRsa(msg, sig, pub)
- CheckError(err)
+ val, _ := VerifyMsgRsa(msg, sig, pub)
if val != true {
+ log.Println("crypto/rsa: verification failure")
return nil, false
}