path: root/community/tor/CVE-2017-0380.patch
blob: 967771999ce4ca7ee2ab4cb48f41a55ad38f0e96 (plain)
From 09ea89764a4d3a907808ed7d4fe42abfe64bd486 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 18 Sep 2017 09:25:21 -0400
Subject: [PATCH] Fix log-uninitialized-stack bug in
 rend_service_intro_established.

Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
---
 changes/trove-2017-008 | 5 +++++
 src/or/rendservice.c   | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 changes/trove-2017-008

diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
new file mode 100644
index 0000000000..4b9c5b0a12
--- /dev/null
+++ b/changes/trove-2017-008
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+      This is also tracked as TROVE-2017-008 and CVE-2017-0380.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index fb777ca154..8087e88499 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3372,6 +3372,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
              (unsigned)circuit->base_.n_circ_id);
     goto err;
   }
+  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+                rend_pk_digest, REND_SERVICE_ID_LEN);
   /* We've just successfully established a intro circuit to one of our
    * introduction point, account for it. */
   intro = find_intro_point(circuit);
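Review bot: Moving `base32_encode` above `find_intro_point` fixes the ordering, but `serviceid` is still only safe to log because of where this call sits. A later edit that adds a log call above it, or makes an earlier `goto err` path print it, would bring the stack disclosure back. As defence in depth, initialise the buffer where it is declared (outside this hunk; if it is a local char array, `= ""` is enough) so that an early read yields an empty string instead of stale stack bytes. A short comment above the moved call would also record the constraint, e.g. `/* Encode serviceid before any code below may log it (TROVE-2017-008). */`. The declaration and the `err:` label are not visible here, so confirm that no path reached before this point reads `serviceid`.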
@@ -3388,8 +3390,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
   service->desc_is_dirty = time(NULL);
   circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
 
-  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
-                rend_pk_digest, REND_SERVICE_ID_LEN);
   log_info(LD_REND,
            "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
            (unsigned)circuit->base_.n_circ_id, serviceid);