tDrop out of handlePost sooner if there are missing fields. - tordam - A library for peer discovery inside the Tor network (HTM) git clone https://git.parazyd.org/tordam (DIR) Log (DIR) Files (DIR) Refs (DIR) README (DIR) LICENSE --- (DIR) commit 6b40d0567149017082560dce7d7aebcd8949eb28 (DIR) parent 3062484b289c2253d713ee5131288287e5c5d6db (HTM) Author: parazyd <parazyd@dyne.org> Date: Mon, 11 Dec 2017 14:48:07 +0100 Drop out of handlePost sooner if there are missing fields. This commit also fixes a bug in ValidateReq when there's an invalid signature. Note to self: maybe handle this better in VerifyMsgRsa? Diffstat: M cmd/dam-dir/main.go | 9 +++++++-- M pkg/damlib/validate.go | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) --- (DIR) diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go t@@ -61,15 +61,20 @@ func handlePost(rw http.ResponseWriter, request *http.Request) { return } - decoder := json.NewDecoder(request.Body) - var n nodeStruct + decoder := json.NewDecoder(request.Body) err := decoder.Decode(&n) if err != nil { log.Println("Failed decoding request:", err) return } + // Drop out ASAP. + if len(n.Nodetype) == 0 || len(n.Address) == 0 || + len(n.Message) == 0 || len(n.Signature) == 0 { + return + } + decSig, err := base64.StdEncoding.DecodeString(n.Signature) if err != nil { log.Println("Failed decoding signature:", err) (DIR) diff --git a/pkg/damlib/validate.go b/pkg/damlib/validate.go t@@ -63,9 +63,9 @@ func ValidateReq(req map[string]string, pubkey string) ([]byte, bool) { pub, err := ParsePubkeyRsa([]byte(pubkey)) CheckError(err) - val, err := VerifyMsgRsa(msg, sig, pub) - CheckError(err) + val, _ := VerifyMsgRsa(msg, sig, pub) if val != true { + log.Println("crypto/rsa: verification failure") return nil, false }