commit 1491c0d024130a5699ae9acbeb2263d9d6ca2c3c
parent 45732a1a13cb05107f5822afed0c01388096be27
Author: George Kadianakis <desnacked@riseup.net>
Date: Thu, 17 Aug 2017 23:13:15 +0300
Fix triggerable BUG() when decoding hsv3 descriptors.
Also improve the unittest to make sure it catches the right error.
Diffstat:
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/changes/bug23233 b/changes/bug23233
@@ -0,0 +1,4 @@
+ o Minor bugfixes (hidden service):
+ - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a
+ specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.
+ Bug found by "haxxpop".
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
@@ -1852,7 +1852,8 @@ desc_sig_is_valid(const char *b64_sig,
sig_start = tor_memstr(encoded_desc, encoded_len, "\n" str_signature);
/* Getting here means the token parsing worked for the signature so if we
* can't find the start of the signature, we have a code flow issue. */
- if (BUG(!sig_start)) {
+ if (!sig_start) {
+ log_warn(LD_GENERAL, "Malformed signature line. Rejecting.");
goto err;
}
/* Skip newline, it has to go in the signature check. */
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
@@ -569,8 +569,12 @@ test_decode_bad_signature(void *arg)
/* Update approx time to dodge cert expiration */
update_approx_time(1502661599);
+
+ setup_full_capture_of_logs(LOG_WARN);
ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);
tt_int_op(ret, OP_EQ, -1);
+ expect_log_msg_containing("Malformed signature line. Rejecting.");
+ teardown_capture_of_logs();
done: ;
}
