aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug232334
-rw-r--r--src/or/hs_descriptor.c3
-rw-r--r--src/test/test_hs_descriptor.c4
3 files changed, 10 insertions, 1 deletions
diff --git a/changes/bug23233 b/changes/bug23233
new file mode 100644
index 0000000000..689a99a2a8
--- /dev/null
+++ b/changes/bug23233
@@ -0,0 +1,4 @@
+ o Minor bugfixes (hidden service):
+ - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a
+ specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.
+ Bug found by "haxxpop".
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 7c2e76942a..616d2f280b 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1852,7 +1852,8 @@ desc_sig_is_valid(const char *b64_sig,
sig_start = tor_memstr(encoded_desc, encoded_len, "\n" str_signature);
/* Getting here means the token parsing worked for the signature so if we
* can't find the start of the signature, we have a code flow issue. */
- if (BUG(!sig_start)) {
+ if (!sig_start) {
+ log_warn(LD_GENERAL, "Malformed signature line. Rejecting.");
goto err;
}
/* Skip newline, it has to go in the signature check. */
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 5be0747085..b68bd108fa 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -569,8 +569,12 @@ test_decode_bad_signature(void *arg)
/* Update approx time to dodge cert expiration */
update_approx_time(1502661599);
+
+ setup_full_capture_of_logs(LOG_WARN);
ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);
tt_int_op(ret, OP_EQ, -1);
+ expect_log_msg_containing("Malformed signature line. Rejecting.");
+ teardown_capture_of_logs();
done: ;
}