commit e22a8d9c956f838138a7e5bc0714b1bb99f0e2a5 Merge: 80031db32 55cb6c3fc Author: Nick Mathewson nickm@torproject.org Date: Mon Apr 13 14:14:41 2020 -0400

Merge branch 'maint-0.4.3'

changes/bug33545 | 4 ++++ src/feature/control/control_hs.c | 9 ++++++++- src/feature/hs/hs_client.c | 7 +++++++ src/feature/hs/hs_client.h | 2 +- src/feature/hs/hs_descriptor.c | 8 ++++++-- src/test/test_hs_client.c | 4 ++++ src/test/test_hs_control.c | 14 ++++++++++++++ 7 files changed, 44 insertions(+), 4 deletions(-)

diff --cc src/feature/hs/hs_descriptor.c index a39a4a09c,d1c81bbff..50a46fb40 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@@ -1429,14 -1434,17 +1429,18 @@@ decrypt_descriptor_cookie(const hs_desc tor_assert(!fast_mem_is_zero( (char *) &desc->superencrypted_data.auth_ephemeral_pubkey, sizeof(desc->superencrypted_data.auth_ephemeral_pubkey))); - tor_assert(!fast_mem_is_zero((char *) client_auth_sk, - sizeof(*client_auth_sk))); - tor_assert(!fast_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN)); + tor_assert(!fast_mem_is_zero((char *) desc->subcredential.subcred, + DIGEST256_LEN));

+ /* Catch potential code-flow cases of an unitialized private key sneaking + * into this function. */ + if (BUG(fast_mem_is_zero((char *)client_auth_sk, sizeof(*client_auth_sk)))) { + goto done; + } + /* Get the KEYS component to derive the CLIENT-ID and COOKIE-KEY. */ keystream_length = - build_descriptor_cookie_keys(desc->subcredential, DIGEST256_LEN, + build_descriptor_cookie_keys(&desc->subcredential, client_auth_sk, &desc->superencrypted_data.auth_ephemeral_pubkey, &keystream);