From: Brian Warner <warner@lothar.com>
Date: Sun, 12 Jul 2009 23:47:50 +0000 (+0100)
Subject: dirnode.py: security bug: also use child writecap to derive child enc key,
X-Git-Tag: trac-4000~16
X-Git-Url: https://git.rkrishnan.org/frontends/listings/index.php?a=commitdiff_plain;h=c1d5717cf0ecd68f4ed170c3043d5cc79917e36b;p=tahoe-lafs%2Ftahoe-lafs.git

dirnode.py: security bug: also use child writecap to derive child enc key,
not just the dirnode writecap. The previous code (which only hashed the
dirnode writecap) would use the same key for all children, which is very bad.
This is the correct implementation of #750.
---

diff --git a/src/allmydata/dirnode.py b/src/allmydata/dirnode.py
index a00fffcb..d4a6b3b3 100644
--- a/src/allmydata/dirnode.py
+++ b/src/allmydata/dirnode.py
@@ -195,7 +195,7 @@ class NewDirectoryNode:
 
     def _encrypt_rwcap(self, rwcap):
         assert isinstance(rwcap, str)
-        IV = hashutil.mutable_rwcap_iv_hash(self._node.get_writekey())
+        IV = hashutil.mutable_rwcap_iv_hash(rwcap)
         key = hashutil.mutable_rwcap_key_hash(IV, self._node.get_writekey())
         cryptor = AES(key)
         crypttext = cryptor.process(rwcap)