Fix TROVE-2020-003.

Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addesses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).

In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.

diff --git a/changes/trove_2020_003 b/changes/trove_2020_003
new file mode 100644 (file)
index 0000000..aa1a8f1
--- /dev/null
+++ b/changes/trove_2020_003
@@ -0,0 +1,4 @@
+  o Minor bugfixes (onion services v3):
+  - Fix assertion failure that could result from a corrupted ADD_ONION control
+    port command. Found by Saibato. Fixes bug 33137; bugfix on
+    0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.

diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 7e150599fc78a31a91ec99d4065b9094b6702e09..6d32cae86c5ee09bd6c2938e08f2cf1b1b19e09d 100644 (file)
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
     goto err;
   }
 
+  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
+    log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
+    ret = RSAE_BADPRIVKEY;
+    goto err;
+  }
+
   /* Make sure we have at least one port. */
   if (smartlist_len(service->config.ports) == 0) {
     log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "