Commit 09ea897

Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha. TROVE-2017-008 CVE-2017-0380
1 parent e468498 commit 09ea897

2 files changed

+7
-2
lines changed

Diff for: changes/trove-2017-008

+5
@@ -0,0 +1,5 @@
1+
o Major bugfixes (security, hidden services, loggging):
2+
- Fix a bug where we could log uninitialized stack when a certain
3+
hidden service error occurred while SafeLogging was disabled.
4+
Fixes bug #23490; bugfix on 0.2.7.2-alpha.
5+
This is also tracked as TROVE-2017-008 and CVE-2017-0380.
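
Review bot: the section header on new line 1 misspells "logging" as "loggging", which will carry into the generated ChangeLog. The entry on lines 2-3 also says only "a certain hidden service error"; naming the condition would let operators judge whether their logs are affected.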

Diff for: src/or/rendservice.c

+2-2
@@ -3372,6 +3372,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
33723372
(unsigned)circuit->base_.n_circ_id);
33733373
goto err;
33743374
}
3375+
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
3376+
rend_pk_digest, REND_SERVICE_ID_LEN);
33753377
/* We've just successfully established a intro circuit to one of our
33763378
* introduction point, account for it. */
33773379
intro = find_intro_point(circuit);
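
Review bot: the `base32_encode` call added at 3375-3376 carries no comment saying why it has to sit ahead of `find_intro_point(circuit)`, so a later cleanup could move it back beside the `log_info` and reintroduce the bug. Add a one-line comment there, and consider zero-initialising `serviceid` where it is declared, since the `goto err` at 3373 still runs before the buffer is filled.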
@@ -3388,8 +3390,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
33883390
service->desc_is_dirty = time(NULL);
33893391
circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
33903392

3391-
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
3392-
rend_pk_digest, REND_SERVICE_ID_LEN);
33933393
log_info(LD_REND,
33943394
"Received INTRO_ESTABLISHED cell on circuit %u for service %s",
33953395
(unsigned)circuit->base_.n_circ_id, serviceid);
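
Review bot: with the encode removed from old lines 3391-3392, the `log_info` at 3393 now depends on a call made about twenty lines earlier, and neither of the two changed files is a test. A regression test that takes the hidden service error path described in the changes entry and inspects the logged service ID would keep this ordering from silently regressing.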
