diff options
author | David Goulet <dgoulet@torproject.org> | 2017-02-15 10:27:32 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2017-02-15 10:27:41 -0500 |
commit | 3336f26e60b0f24c8e028ed8fb9aea04d19c5c8a (patch) | |
tree | 2c9321a8a98f391d1d130b9852f95b8debadc87a /src | |
parent | d633c4757c1392fbbdeb3bdcc39e9b8e834f8fc9 (diff) | |
download | tor-3336f26e60b0f24c8e028ed8fb9aea04d19c5c8a.tar.gz tor-3336f26e60b0f24c8e028ed8fb9aea04d19c5c8a.zip |
hs: Avoid a strlen(NULL) if descriptor is not found in cache
Instead of returning 404 error code, this led to a NULL pointer being used and
thus a crash of tor.
Fixes #21471
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/or/directory.c | 2 | ||||
-rw-r--r-- | src/test/test_hs_cache.c | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/or/directory.c b/src/or/directory.c index c7f2012331..80d3c30c63 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -3533,7 +3533,7 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn, pubkey_str = url + strlen("/tor/hs/3/"); retval = hs_cache_lookup_as_dir(HS_VERSION_THREE, pubkey_str, &desc_str); - if (retval < 0) { + if (retval <= 0 || desc_str == NULL) { write_http_status_line(conn, 404, "Not found"); goto done; } diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c index 64391a7c29..1943d0ffac 100644 --- a/src/test/test_hs_cache.c +++ b/src/test/test_hs_cache.c @@ -361,6 +361,15 @@ test_upload_and_download_hs_desc(void *arg) /* Initialize HSDir cache subsystem */ init_test(); + /* Test a descriptor not found in the directory cache. */ + { + ed25519_public_key_t blinded_key; + memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey)); + received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key); + tt_int_op(strlen(received_desc_str), OP_EQ, 0); + tor_free(received_desc_str); + } + /* Generate a valid descriptor with normal values. */ { ed25519_keypair_t signing_kp; @@ -388,6 +397,15 @@ test_upload_and_download_hs_desc(void *arg) /* Verify we received the exact same descriptor we published earlier */ tt_str_op(received_desc_str, OP_EQ, published_desc_str); + tor_free(received_desc_str); + + /* With a valid descriptor in the directory cache, try again an invalid. */ + { + ed25519_public_key_t blinded_key; + memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey)); + received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key); + tt_int_op(strlen(received_desc_str), OP_EQ, 0); + } done: tor_free(received_desc_str); |