[tor-bugs] #23233 [Core Tor/Tor]: Unexpected BUG violation in hsv3 descriptor decoding
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 13 20:15:15 UTC 2017
#23233: Unexpected BUG violation in hsv3 descriptor decoding
------------------------------+--------------------------
     Reporter:  haxxpop       |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  prop224,easy
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
As you can see in hs_descriptor.c
{{{
  /* Find the start of signature. */
  sig_start = tor_memstr(encoded_desc, encoded_len, "\n" str_signature);
  /* Getting here means the token parsing worked for the signature so if we
   * can't find the start of the signature, we have a code flow issue. */
  if (BUG(!sig_start)) {
    goto err;
  }
}}}
str_signature is "signature", so if you send "\n signature" (like in
the attachment) instead of "\nsignature", tor_memstr will return null and
violate `BUG(!sig_start)`.
I suggest that we should just remove BUG and let it be `if (!sig_start) {`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23233>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
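
Added example (not part of the original ticket and not Tor's code): a self-contained C sketch of the mismatch the ticket describes, where a tokenizer that tolerates leading whitespace accepts a line that the strict "\n" + keyword search cannot find, so the failure must be handled as malformed input rather than asserted as impossible. The names find_mem, tokenizer_sees_signature and locate_signature, the sample descriptors, and the whitespace-tolerant tokenizer behaviour are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define STR_SIGNATURE "signature"

/* Constructed sample inputs (not real descriptors). */
const char DESC_OK[]  = "hs-descriptor 3\nsignature AAAA\n";
const char DESC_BAD[] = "hs-descriptor 3\n signature AAAA\n";

/* Hypothetical stand-in for tor_memstr(): first occurrence of needle in a
 * length-delimited buffer, or NULL if absent. */
static const char *find_mem(const char *hay, size_t hlen, const char *needle)
{
  size_t nlen = strlen(needle);
  for (size_t i = 0; nlen && i + nlen <= hlen; i++)
    if (memcmp(hay + i, needle, nlen) == 0)
      return hay + i;
  return NULL;
}

/* Assumed lenient tokenizer: reports a signature line when the keyword
 * starts a line after optional spaces or tabs (prefix match only). */
static int tokenizer_sees_signature(const char *desc, size_t len)
{
  size_t klen = strlen(STR_SIGNATURE);
  for (size_t i = 0; i < len; ) {
    size_t j = i;
    while (j < len && (desc[j] == ' ' || desc[j] == '\t'))
      j++;
    if (len - j >= klen && memcmp(desc + j, STR_SIGNATURE, klen) == 0)
      return 1;
    while (i < len && desc[i] != '\n')
      i++;
    i++; /* step past the newline to the next line */
  }
  return 0;
}

/* Returns 0 and sets *sig_start on success, -1 for a malformed descriptor.
 * The second failure is reachable from untrusted input, so it is treated
 * as an ordinary parse error instead of a BUG()-style assertion. */
int locate_signature(const char *desc, size_t len, const char **sig_start)
{
  *sig_start = NULL;
  if (!tokenizer_sees_signature(desc, len))
    return -1;
  *sig_start = find_mem(desc, len, "\n" STR_SIGNATURE);
  return *sig_start ? 0 : -1;
}
```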