hs-v3: Don't BUG() on directory permission check failure

In hs_config.c, we do validate the permission of the hidden service directory
but we do not try to create it. So, in the event that the directory doesn't
exists, we end up in the loading key code path which checks for the
permission and possibly creates the directory. On failure, don't BUG() since
there is a perfectly valid use case for that function to fail.

Fixes #27335

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/changes/bug27335 b/changes/bug27335
new file mode 100644 (file)
index 0000000..dcc55a9
--- /dev/null
+++ b/changes/bug27335
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service v3):
+    - In case the hidden service directory can't be created or has wrong
+      permissions, do not BUG() on it which lead to a non fatal stacktrace.
+      Fixes bug 27335; bugfix on 0.3.2.1.

diff --git a/src/or/hs_service.c b/src/or/hs_service.c
index 33088480d127a9e0f5becd5665948a947a771c68..408625c3ac6d9bf136a5fa820594ed96aa7afd90 100644 (file)
--- a/src/or/hs_service.c
+++ b/src/or/hs_service.c
@@ -974,9 +974,9 @@ load_service_keys(hs_service_t *service)
    * files to that directory so make sure it exists and has the right
    * permissions. We do this here because at this stage we know that Tor is
    * actually running and the service we have has been validated. */
-  if (BUG(hs_check_service_private_dir(get_options()->User,
-                                       config->directory_path,
-                                       config->dir_group_readable, 1) < 0)) {
+  if (hs_check_service_private_dir(get_options()->User,
+                                   config->directory_path,
+                                   config->dir_group_readable, 1) < 0) {
     goto end;
   }