Fix log-uninitialized-stack bug in rend_service_intro_established.

Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
Nick Mathewson 2017-09-18 09:25:21 -04:00
parent e468498469
commit 09ea89764a
2 changed files with 7 additions and 2 deletions

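--- /dev/null
+++ b/changes/trove-2017-008
@@ -0,0 +1,5 @@
+o Major bugfixes (security, hidden services, loggging):
+- Fix a bug where we could log uninitialized stack when a certain
+hidden service error occurred while SafeLogging was disabled.
+Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+This is also tracked as TROVE-2017-008 and CVE-2017-0380.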


@ -3372,6 +3372,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
(unsigned)circuit->base_.n_circ_id); (unsigned)circuit->base_.n_circ_id);
goto err; goto err;
} }
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
rend_pk_digest, REND_SERVICE_ID_LEN);
/* We've just successfully established a intro circuit to one of our /* We've just successfully established a intro circuit to one of our
* introduction point, account for it. */ * introduction point, account for it. */
intro = find_intro_point(circuit); intro = find_intro_point(circuit);
@ -3388,8 +3390,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
service->desc_is_dirty = time(NULL); service->desc_is_dirty = time(NULL);
circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO); circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND, log_info(LD_REND,
"Received INTRO_ESTABLISHED cell on circuit %u for service %s", "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
(unsigned)circuit->base_.n_circ_id, serviceid); (unsigned)circuit->base_.n_circ_id, serviceid);
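Review bot: Nothing on the two added `base32_encode` lines in the first hunk records why they must come before `find_intro_point(circuit)`, so a later cleanup could move them back next to the `log_info` call and reintroduce the bug. A comment above them such as `/* Fill in serviceid before any failure branch below can log it. */` would pin the ordering; the branches that presumably log it are outside the hunk, as the commit message implies. The `goto err` branch just above the insertion still runs with `serviceid` unset, which is safe only while nothing on that path or at the `err` label (also outside the hunk) reads the buffer. Assuming `serviceid` is a local char array declared at the top of the function, initialising it there with `= ""` would make any future early log print an empty string rather than stack contents.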