Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed bug causing a security breach by storing private GXS keys into the public key cache. Added a few asserts to totally remove that possibility. Ideally we should have 2 incompatible key types.

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7829 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-01-10 07:30:26 +00:00
parent 48e47fabd3
commit c83d27924e
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libretroshare/src/gxs/gxssecurity.cc
View File

@ -56,6 +56,8 @@ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
static RSA *extractPublicKey(const RsTlvSecurityKey& key) static RSA *extractPublicKey(const RsTlvSecurityKey& key)
{ {
assert(!(key.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data; const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
long keylen = key.keyData.bin_len; long keylen = key.keyData.bin_len;

16
libretroshare/src/services/p3idservice.cc
View File

@ -30,6 +30,7 @@
#include "util/rsrandom.h" #include "util/rsrandom.h"
#include "util/rsstring.h" #include "util/rsstring.h"
#include "util/radix64.h" #include "util/radix64.h"
#include "gxs/gxssecurity.h"
//#include "pqi/authgpg.h" //#include "pqi/authgpg.h"
@ -485,6 +486,7 @@ bool p3IdService::getKey(const RsGxsId &id, RsTlvSecurityKey &key)
key = data.pubkey; key = data.pubkey;
return true; return true;
} }
key.keyId.clear() ;
return false; return false;
} }
@ -1549,14 +1551,20 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
{ {
fullkey = kit->second; fullkey = kit->second;
full_key_ok = true; full_key_ok = true;
if(GxsSecurity::extractPublicKey(fullkey,pubkey))
pub_key_ok = true ;
}
else
{
pubkey = kit->second;
pub_key_ok = true ;
} }
/* cache public key always /* cache public key always
* we don't need to check the keyFlags, * we don't need to check the keyFlags,
* as both FULL and PUBLIC_ONLY keys contain the PUBLIC key * as both FULL and PUBLIC_ONLY keys contain the PUBLIC key
*/ */
pubkey = kit->second;
pub_key_ok = true;
} }
} }
@ -1574,6 +1582,8 @@ bool p3IdService::cache_store(const RsGxsIdGroupItem *item)
RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/ RsStackMutex stack(mIdMtx); /********** STACK LOCKED MTX ******/
assert(!(pubkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
// Create Cache Data. // Create Cache Data.
RsGxsIdCache pubcache(item, pubkey, tagList); RsGxsIdCache pubcache(item, pubkey, tagList);
mPublicKeyCache.store(id, pubcache); mPublicKeyCache.store(id, pubcache);
@ -1796,6 +1806,8 @@ bool p3IdService::cache_update_if_cached(const RsGxsId &id, std::string serviceS
std::cerr << std::endl; std::cerr << std::endl;
#endif // DEBUG_IDS #endif // DEBUG_IDS
assert(!(pub_data.pubkey.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
pub_data.updateServiceString(serviceString); pub_data.updateServiceString(serviceString);
mPublicKeyCache.store(id, pub_data); mPublicKeyCache.store(id, pub_data);
} }