Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
  • Loading branch information
nmathewson committed Sep 18, 2017
1 parent e468498 commit 09ea897
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
5 changes: 5 additions & 0 deletions changes/trove-2017-008
@@ -0,0 +1,5 @@
o Major bugfixes (security, hidden services, loggging):
- Fix a bug where we could log uninitialized stack when a certain
hidden service error occurred while SafeLogging was disabled.
Fixes bug #23490; bugfix on 0.2.7.2-alpha.
This is also tracked as TROVE-2017-008 and CVE-2017-0380.
4 changes: 2 additions & 2 deletions src/or/rendservice.c
Expand Up @@ -3372,6 +3372,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
(unsigned)circuit->base_.n_circ_id);
goto err;
}
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
rend_pk_digest, REND_SERVICE_ID_LEN);
/* We've just successfully established a intro circuit to one of our
* introduction point, account for it. */
intro = find_intro_point(circuit);
Expand All @@ -3388,8 +3390,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
service->desc_is_dirty = time(NULL);
circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);

base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND,
"Received INTRO_ESTABLISHED cell on circuit %u for service %s",
(unsigned)circuit->base_.n_circ_id, serviceid);
Expand Down

0 comments on commit 09ea897

Please sign in to comment.