tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 0ec72b030839c3a9e8c557483594b9dbe86c0792
parent 26f68dfcef283137e60319c003300b07c56a3209
Author: Nick Mathewson <nickm@torproject.org>
Date:   Mon, 18 Sep 2017 09:39:35 -0400

Merge branch 'trove-2017-008_028' into maint-0.2.8

Diffstat:

Achanges/trove-2017-008 | 5+++++


Msrc/or/rendservice.c | 4++--


2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+      This is also tracked as TROVE-2017-008 and CVE-2017-0380.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
@@ -2859,6 +2859,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
              (unsigned)circuit->base_.n_circ_id);
     goto err;
   }
+  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
   /* We've just successfully established a intro circuit to one of our
    * introduction point, account for it. */
   intro = find_intro_point(circuit);
@@ -2875,8 +2877,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
   service->desc_is_dirty = time(NULL);
   circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
 
-  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
-                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
   log_info(LD_REND,
            "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
            (unsigned)circuit->base_.n_circ_id, serviceid);