cofyc / dnscrypt-wrapper

This is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.

SEGV when passing the same key twice #170

Open fische opened 4 years ago

fische commented 4 years ago

Hi!

While trying dnscrypt-wrapper, I've encountered a segmentation fault when passing the same secret key twice. Here are the steps to reproduce it:

dnscrypt-wrapper --gen-provider-keypair --provider-name=2.dnscrypt-cert.example.com --ext-address=127.0.0.1 --dnssec --nolog --nofilter
dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=1.key
dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=1.key --provider-cert-file=1.cert --provider-publickey-file=public.key --provider-secretkey-file=secret.key
cp 1.key 2.key
cp 1.cert 2.cert

dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443 --provider-name=2.dnscrypt-cert.example.com --crypt-secretkey-file=1.key,2.key --provider-cert-file=1.cert,2.cert

The issue comes from match_cert_to_keys, where cert_id is out of bounds after matching the certificates with the first key.
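
The class of bug reported above, as an added illustration that is not dnscrypt-wrapper's source and not part of the original report. It assumes a result table with one slot per certificate and reuses the name cert_id for the write index; every struct and function name here is hypothetical.

```c
/* Added illustration: hypothetical model, not dnscrypt-wrapper source. */
#include <stdio.h>
#include <string.h>
#define PK_BYTES 32

struct key   { unsigned char pk[PK_BYTES]; };
struct cert  { unsigned char server_pk[PK_BYTES]; };
struct match { size_t key_idx; size_t cert_idx; };

/* Pair every key with every certificate carrying the same public key.
 * Returns the number of pairs written to out[], or -1 when another pair
 * would not fit, instead of writing past the end of the table. */
static int match_certs_to_keys(const struct key *keys, size_t nkeys,
                               const struct cert *certs, size_t ncerts,
                               struct match *out, size_t out_cap)
{
    size_t cert_id = 0; /* next free slot in out[] */
    for (size_t k = 0; k < nkeys; k++) {
        for (size_t c = 0; c < ncerts; c++) {
            if (memcmp(keys[k].pk, certs[c].server_pk, PK_BYTES) != 0)
                continue;
            if (cert_id >= out_cap) /* duplicates yield nkeys * ncerts pairs */
                return -1;
            out[cert_id].key_idx = k;
            out[cert_id].cert_idx = c;
            cert_id++;
        }
    }
    return (int)cert_id;
}

/* Constructed input: two keys, two certs; dup=1 models `cp 1.key 2.key`. */
static int demo(int dup)
{
    struct key keys[2];
    struct cert certs[2];
    struct match out[2]; /* assumed sizing: one slot per certificate */
    for (size_t i = 0; i < 2; i++) {
        memset(keys[i].pk, dup ? 0xA1 : (int)(0xA1 + i), PK_BYTES);
        memcpy(certs[i].server_pk, keys[i].pk, PK_BYTES);
    }
    return match_certs_to_keys(keys, 2, certs, 2, out, 2);
}

int main(void)
{
    printf("distinct keys: %d\nduplicate keys: %d\n", demo(0), demo(1));
    return 0;
}
```

With distinct keys the table fills exactly; with duplicated keys the first key alone consumes both slots, so the second key's first match is rejected rather than written out of bounds.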