Commit 1491c0d0 authored by George Kadianakis's avatar George Kadianakis
Browse files

Fix triggerable BUG() when decoding hsv3 descriptors. 

Also improve the unittest to make sure it catches the right error.
parent 45732a1a

changes/bug23233

0 → 100644
+4 −0
Original line number Diff line number Diff line 
  o Minor bugfixes (hidden service):

    - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a

      specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.

      Bug found by "haxxpop".

src/or/hs_descriptor.c

+2 −1
Original line number Diff line number Diff line
@@ -1852,7 +1852,8 @@ desc_sig_is_valid(const char *b64_sig, 
  sig_start = tor_memstr(encoded_desc, encoded_len, "\n" str_signature);

  /* Getting here means the token parsing worked for the signature so if we

   * can't find the start of the signature, we have a code flow issue. */

  if (BUG(!sig_start)) {

  if (!sig_start) {

    log_warn(LD_GENERAL, "Malformed signature line. Rejecting.");

    goto err;

  }

  /* Skip newline, it has to go in the signature check. */

src/test/test_hs_descriptor.c

+4 −0
Original line number Diff line number Diff line
@@ -569,8 +569,12 @@ test_decode_bad_signature(void *arg) 
  /* Update approx time to dodge cert expiration */

  update_approx_time(1502661599);





  setup_full_capture_of_logs(LOG_WARN);

  ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);

  tt_int_op(ret, OP_EQ, -1);

  expect_log_msg_containing("Malformed signature line. Rejecting.");

  teardown_capture_of_logs();



 done: ;

}