Commit 4a2cbea6 authored by Nick Mathewson

Fix log-uninitialized-stack bug in rend_service_intro_established.

Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
parent 26f68dfc

changes/trove-2017-008

0 → 100644
+5 −0
  o Major bugfixes (security, hidden services, loggging):
    - Fix a bug where we could log uninitialized stack when a certain
      hidden service error occurred while SafeLogging was disabled.
      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
      This is also tracked as TROVE-2017-008 and CVE-2017-0380.
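Review bot: "loggging" in the section heading on the first line has a stray "g" and should read "logging", so the entry groups and greps with the other changelog sections. The entry also says "a certain hidden service error" without naming it; naming the function from the commit subject (rend_service_intro_established) would let operators match this entry to the log message they saw.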
+2 −2
@@ -2859,6 +2859,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
             (unsigned)circuit->base_.n_circ_id);
    goto err;
  }
  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
  /* We've just successfully established a intro circuit to one of our
   * introduction point, account for it. */
  intro = find_intro_point(circuit);
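Review bot: the `goto err` at the top of this hunk still runs before the relocated base32_encode call fills serviceid, so the buffer is only safe to log from the encode downward. Consider zero-initializing serviceid where it is declared (outside the visible lines), or at least adding a comment above the encode saying it must stay ahead of every log call that prints serviceid, so that a later early-exit path cannot reintroduce the uninitialized read.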
@@ -2875,8 +2877,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
  service->desc_is_dirty = time(NULL);
  circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);

  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
  log_info(LD_REND,
           "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
           (unsigned)circuit->base_.n_circ_id, serviceid);
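Review bot: the log_info at the end of this hunk passes serviceid to the format string directly, and with the encode removed from just above it, the message now depends on the earlier call staying in place. The changes entry says the leak appeared only with SafeLogging disabled, which suggests the error-path message scrubs the id while this one does not; if printing it unscrubbed at info level is intended, a short comment saying so would help, otherwise wrap it the same way.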