hs: Add an extra safety check on ESTABLISH_INTRO sig len

Signed-off-by: David Goulet <dgoulet@torproject.org>

src/or/hs_intropoint.c

@@ -70,7 +70,11 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell,
     ed25519_signature_t sig_struct;
     const uint8_t *sig_array = hs_cell_establish_intro_getconstarray_sig(cell);
 
-    if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig)) {
+    /* Make sure the signature length is of the right size. For EXTRA safety,
+     * we check both the size of the array and the length which must be the
+     * same. Safety first!*/
+    if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
+        hs_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) {
       log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
              "ESTABLISH_INTRO sig len is invalid");
       return -1;