commit e7d7e04155f0c7dd1282d4c77bdd02cae8bc0fe7 Author: Nick Mathewson <nickm@torproject.org> Date: Mon Sep 9 12:58:30 2019 -0400 Do not look inside bogus microdesc when listing its digest as invalid We have code in microdescs_parse_from_string() to record the digests of microdescriptors that we could not parse. But right now, that code looks at the md->digest field, which is a bit inelegant, and will stand in the way of sensible refactoring. Instead, use a local variable to hold the digest. --- src/feature/dirparse/microdesc_parse.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/feature/dirparse/microdesc_parse.c b/src/feature/dirparse/microdesc_parse.c index 441c3bb83..e77166066 100644 --- a/src/feature/dirparse/microdesc_parse.c +++ b/src/feature/dirparse/microdesc_parse.c @@ -167,6 +167,7 @@ microdescs_parse_from_string(const char *s, const char *eos, start_of_next_microdesc = eos; md = tor_malloc_zero(sizeof(microdesc_t)); + uint8_t md_digest[DIGEST256_LEN]; { const char *cp = tor_memstr(s, start_of_next_microdesc-s, "onion-key"); @@ -183,6 +184,7 @@ microdescs_parse_from_string(const char *s, const char *eos, md->body = (char*)cp; md->off = cp - start; crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256); + memcpy(md_digest, md->digest, DIGEST256_LEN); if (no_onion_key) { log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Malformed or truncated descriptor"); goto next; @@ -279,7 +281,7 @@ microdescs_parse_from_string(const char *s, const char *eos, next: if (! okay && invalid_digests_out) { smartlist_add(invalid_digests_out, - tor_memdup(md->digest, DIGEST256_LEN)); + tor_memdup(md_digest, DIGEST256_LEN)); } microdesc_free(md); md = NULL;