[tor-commits] [tor/maint-0.3.5] Fix TROVE-2020-003.

nickm at torproject.org nickm at torproject.org
Tue Mar 17 15:53:32 UTC 2020


commit 089e57d22f7c5e755a2d88d0b102207f7207ee27
Author: George Kadianakis <desnacked at riseup.net>
Date:   Tue Feb 11 18:37:55 2020 +0200

    Fix TROVE-2020-003.
    
    Given that ed25519 public key validity checks are usually not needed
    and (so far) they are only necessary for onion addesses in the Tor
    protocol, we decided to fix this specific bug instance without
    modifying the rest of the codebase (see below for other fix
    approaches).
    
    In our minimal fix we check that the pubkey in
    hs_service_add_ephemeral() is valid and error out otherwise.
---
 changes/trove_2020_003      | 4 ++++
 src/feature/hs/hs_service.c | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/changes/trove_2020_003 b/changes/trove_2020_003
new file mode 100644
index 000000000..aa1a8f1c7
--- /dev/null
+++ b/changes/trove_2020_003
@@ -0,0 +1,4 @@
+  o Minor bugfixes (onion services v3):
+  - Fix assertion failure that could result from a corrupted ADD_ONION control
+    port command. Found by Saibato. Fixes bug 33137; bugfix on
+    0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003.
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 7e150599f..6d32cae86 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
     goto err;
   }
 
+  if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) {
+    log_warn(LD_CONFIG, "Bad ed25519 private key was provided");
+    ret = RSAE_BADPRIVKEY;
+    goto err;
+  }
+
   /* Make sure we have at least one port. */
   if (smartlist_len(service->config.ports) == 0) {
     log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified "



More information about the tor-commits mailing list