commit e7d7e04155f0c7dd1282d4c77bdd02cae8bc0fe7
parent 7282213bd3aa1b21928e7d134180781158ebdb4b
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 9 Sep 2019 12:58:30 -0400
Do not look inside bogus microdesc when listing its digest as invalid
We have code in microdescs_parse_from_string() to record the digests
of microdescriptors that we could not parse. But right now, that
code looks at the md->digest field, which is a bit inelegant, and
will stand in the way of sensible refactoring.
Instead, use a local variable to hold the digest.
Diffstat:
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/feature/dirparse/microdesc_parse.c b/src/feature/dirparse/microdesc_parse.c
@@ -167,6 +167,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
start_of_next_microdesc = eos;
md = tor_malloc_zero(sizeof(microdesc_t));
+ uint8_t md_digest[DIGEST256_LEN];
{
const char *cp = tor_memstr(s, start_of_next_microdesc-s,
"onion-key");
@@ -183,6 +184,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
md->body = (char*)cp;
md->off = cp - start;
crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
+ memcpy(md_digest, md->digest, DIGEST256_LEN);
if (no_onion_key) {
log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Malformed or truncated descriptor");
goto next;
@@ -279,7 +281,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
next:
if (! okay && invalid_digests_out) {
smartlist_add(invalid_digests_out,
- tor_memdup(md->digest, DIGEST256_LEN));
+ tor_memdup(md_digest, DIGEST256_LEN));
}
microdesc_free(md);
md = NULL;
