Merge branch 'maint-0.4.3'

2 files changed, 9 insertions, 3 deletions

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index d5c1c5ca9a..cc1b01d2ef 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1848,7 +1848,7 @@ hs_client_decode_descriptor(const char *desc_str,
   hs_subcredential_t subcredential;
   ed25519_public_key_t blinded_pubkey;
   hs_client_service_authorization_t *client_auth = NULL;
-  curve25519_secret_key_t *client_auht_sk = NULL;
+  curve25519_secret_key_t *client_auth_sk = NULL;
 
   tor_assert(desc_str);
   tor_assert(service_identity_pk);
@@ -1857,7 +1857,7 @@ hs_client_decode_descriptor(const char *desc_str,
   /* Check if we have a client authorization for this service in the map. */
   client_auth = find_client_auth(service_identity_pk);
   if (client_auth) {
-    client_auht_sk = &client_auth->enc_seckey;
+    client_auth_sk = &client_auth->enc_seckey;
   }
 
   /* Create subcredential for this HS so that we can decrypt */
@@ -1870,7 +1870,7 @@ hs_client_decode_descriptor(const char *desc_str,
 
   /* Parse descriptor */
   ret = hs_desc_decode_descriptor(desc_str, &subcredential,
-                                  client_auht_sk, desc);
+                                  client_auth_sk, desc);
   memwipe(&subcredential, 0, sizeof(subcredential));
   if (ret != HS_DESC_DECODE_OK) {
     goto err;
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index d6382ef804..3a2beb766f 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3661,6 +3661,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
     goto err;
   }
 
+  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
+    log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
+    ret = RSAE_BADPRIVKEY;
+    goto err;
+  }
+
   /* Make sure we have at least one port. */
   if (smartlist_len(service->config.ports) == 0) {
     log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "