Merge branch 'bug22644_029' into maint-0.2.9

2 files changed, 17 insertions, 4 deletions

diff --git a/changes/bug22644 b/changes/bug22644
new file mode 100644
index 0000000000..9b8742edaf
--- /dev/null
+++ b/changes/bug22644
@@ -0,0 +1,5 @@
+  o Minor bugfixes (controller):
+    - Do not crash when receiving a POSTDESCRIPTOR command with an
+      empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+    - Do not crash when receiving a HSPOST command with an empty body.
+      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
diff --git a/src/or/control.c b/src/or/control.c
index 1bf1e33bbc..03d9fcee2a 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3568,12 +3568,15 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
   int cache = 0; /* eventually, we may switch this to 1 */
 
   const char *cp = memchr(body, '\n', len);
-  smartlist_t *args = smartlist_new();
-  tor_assert(cp);
+
+  if (cp == NULL) {
+    connection_printf_to_buf(conn, "251 Empty body\r\n");
+    return 0;
+  }
   ++cp;
 
   char *cmdline = tor_memdup_nulterm(body, cp-body);
-
+  smartlist_t *args = smartlist_new();
   smartlist_split_string(args, cmdline, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(args, char *, option) {
@@ -4158,14 +4161,19 @@ handle_control_hspost(control_connection_t *conn,
                       const char *body)
 {
   static const char *opt_server = "SERVER=";
-  smartlist_t *args = smartlist_new();
   smartlist_t *hs_dirs = NULL;
   const char *encoded_desc = body;
   size_t encoded_desc_len = len;
 
   char *cp = memchr(body, '\n', len);
+  if (cp == NULL) {
+    connection_printf_to_buf(conn, "251 Empty body\r\n");
+    return 0;
+  }
   char *argline = tor_strndup(body, cp-body);
 
+  smartlist_t *args = smartlist_new();
+
   /* If any SERVER= options were specified, try parse the options line */
   if (!strcasecmpstart(argline, opt_server)) {
     /* encoded_desc begins after a newline character */