tordam

A library for peer discovery inside the Tor network
git clone https://git.parazyd.org/tordam
Log | Files | Refs | README | LICENSE
commit 6b40d0567149017082560dce7d7aebcd8949eb28
parent 3062484b289c2253d713ee5131288287e5c5d6db
Author: parazyd <parazyd@dyne.org>
Date:   Mon, 11 Dec 2017 14:48:07 +0100

Drop out of handlePost sooner if there are missing fields.

This commit also fixes a bug in ValidateReq when there's an invalid
signature. Note to self: maybe handle this better in VerifyMsgRsa?

Diffstat:

Mcmd/dam-dir/main.go | 9+++++++--


Mpkg/damlib/validate.go | 4++--


2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go
@@ -61,15 +61,20 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
 		return
 	}
 
-	decoder := json.NewDecoder(request.Body)
-
 	var n nodeStruct
+	decoder := json.NewDecoder(request.Body)
 	err := decoder.Decode(&n)
 	if err != nil {
 		log.Println("Failed decoding request:", err)
 		return
 	}
 
+	// Drop out ASAP.
+	if len(n.Nodetype) == 0 || len(n.Address) == 0 ||
+		len(n.Message) == 0 || len(n.Signature) == 0 {
+		return
+	}
+
 	decSig, err := base64.StdEncoding.DecodeString(n.Signature)
 	if err != nil {
 		log.Println("Failed decoding signature:", err)
diff --git a/pkg/damlib/validate.go b/pkg/damlib/validate.go
@@ -63,9 +63,9 @@ func ValidateReq(req map[string]string, pubkey string) ([]byte, bool) {
 	pub, err := ParsePubkeyRsa([]byte(pubkey))
 	CheckError(err)
 
-	val, err := VerifyMsgRsa(msg, sig, pub)
-	CheckError(err)
+	val, _ := VerifyMsgRsa(msg, sig, pub)
 	if val != true {
+		log.Println("crypto/rsa: verification failure")
 		return nil, false
 	}