Fix triggerable BUG() when decoding hsv3 descriptors.

Also improve the unittest to make sure it catches the right error.

diff --git a/changes/bug23233 b/changes/bug23233
new file mode 100644 (file)
index 0000000..689a99a
--- /dev/null
+++ b/changes/bug23233
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service):
+    - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a
+      specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.
+      Bug found by "haxxpop".

diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 7c2e76942a5f7933abedc4e8d471a45b842a835e..616d2f280b4984566420dea124af2d0042c19f86 100644 (file)
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1852,7 +1852,8 @@ desc_sig_is_valid(const char *b64_sig,
   sig_start = tor_memstr(encoded_desc, encoded_len, "\n" str_signature);
   /* Getting here means the token parsing worked for the signature so if we
    * can't find the start of the signature, we have a code flow issue. */
-  if (BUG(!sig_start)) {
+  if (!sig_start) {
+    log_warn(LD_GENERAL, "Malformed signature line. Rejecting.");
     goto err;
   }
   /* Skip newline, it has to go in the signature check. */

diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 5be0747085201fb57b0c2365402644f569761668..b68bd108faebb8e28dc6fe10bee906d631f7fccf 100644 (file)
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -569,8 +569,12 @@ test_decode_bad_signature(void *arg)
   /* Update approx time to dodge cert expiration */
   update_approx_time(1502661599);
 
+
+  setup_full_capture_of_logs(LOG_WARN);
   ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);
   tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg_containing("Malformed signature line. Rejecting.");
+  teardown_capture_of_logs();
 
  done: ;
 }