1 files changed, 14 insertions, 9 deletions

diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index 73f9176186..a76893fe1a 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -548,15 +548,19 @@ config_service(config_line_t *line, const or_options_t *options,
 
   tor_assert(service->config.version <= HS_VERSION_MAX);
 
-  /* Check permission on service directory that was just parsed. And this must
-   * be done regardless of the service version. Do not ask for the directory
-   * to be created, this is done when the keys are loaded because we could be
-   * in validation mode right now. */
-  if (hs_check_service_private_dir(options->User,
-                                   service->config.directory_path,
-                                   service->config.dir_group_readable,
-                                   0) < 0) {
-    goto err;
+  /* If we're running with TestingTorNetwork enabled, we relax the permissions
+   * check on the hs directory. */
+  if (!options->TestingTorNetwork) {
+    /* Check permission on service directory that was just parsed. And this
+     * must be done regardless of the service version. Do not ask for the
+     * directory to be created, this is done when the keys are loaded because
+     * we could be in validation mode right now. */
+    if (hs_check_service_private_dir(options->User,
+                                     service->config.directory_path,
+                                     service->config.dir_group_readable,
+                                     0) < 0) {
+      goto err;
+    }
   }
 
   /* We'll try to learn the service version here by loading the key(s) if
@@ -640,6 +644,7 @@ hs_config_service_all(const or_options_t *options, int validate_only)
     int rv = config_service(section, options, new_service_list);
     config_free_lines(section);
     if (rv < 0) {
+      config_free_lines(remaining);
       goto err;
     }
   }