The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set, which led to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006, whose severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
--- /dev/null
+ o Major bugfixes (onion service, TROVE-2023-006):
+ - Fix a possible hard assert on a NULL pointer when recording a failed
+ rendezvous circuit on the service side for the MetricsPort. Fixes bug
+ 40883; bugfix on 0.4.8.1-alpha
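Review bot: The changes entry ends at "bugfix on 0.4.8.1-alpha" with no closing period; add one so the last sentence of the entry is terminated like the one before it.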
{
hs_service_t *service;
- tor_assert(ident_pk);
+ if (!ident_pk) {
+ /* We can end up here in case this is used from a failure/closing path for
+ * which we might not have any identity key attacehed to a circuit or
+ * connection yet. Simply don't assume we have one. */
+ return;
+ }
service = hs_service_find(ident_pk);
if (!service) {
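Review bot: The early return on "!ident_pk" drops the update silently, so a failure recorded before the identity key is set never reaches the metrics at all. If that is the intended trade-off, state it in the added comment, and consider a debug-level log before the "return" so the skipped case is visible when troubleshooting. The added comment also has a typo: "attacehed" should be "attached".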