[tor-bugs] #16400 [Tor]: Bug: Assertion cp failed in microdescs_parse_from_string at ../src/or/routerparse.c:4168

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 22 18:34:54 UTC 2015


#16400: Bug: Assertion cp failed in microdescs_parse_from_string at
../src/or/routerparse.c:4168
-------------------------+-------------------------------------------------
     Reporter:  torkeln  |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor      |    Version:  Tor: 0.2.6.9
   Resolution:           |   Keywords:  routerparse.c, assertion,
Actual Points:           |  026-backport
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by cypherpunks_backup):

 Looks good, but this digest stuff could be fixed this way from start while
 keeping proper parsing. Idea for patch (0.2.5.x):
 {{{
 --- /home/ubuntu/tor-0.2.6.7/mod/routerparse.c  2014-10-10
 13:06:25.000000000 +0000
 +++ /home/ubuntu/tor-0.2.6.7/mod/routerparse.fromstart.c        2015-06-22
 18:31:53.557326382 +0000
 @@ -4019,12 +4019,14 @@
  smartlist_t *
  microdescs_parse_from_string(const char *s, const char *eos,
                               int allow_annotations,
 -                             saved_location_t where)
 +                             saved_location_t where,
 +                             smartlist_t *invalid_digests_out)
  {
    smartlist_t *tokens;
    smartlist_t *result;
    microdesc_t *md = NULL;
    memarea_t *area;
 +  char digest[DIGEST256_LEN];
    const char *start = s;
    const char *start_of_next_microdesc;
    int flags = allow_annotations ? TS_ANNOTATIONS_OK : 0;
 @@ -4041,10 +4043,21 @@
    tokens = smartlist_new();

    while (s < eos) {
 +    int okay = 0;
 +
      start_of_next_microdesc = find_start_of_next_microdesc(s, eos);
      if (!start_of_next_microdesc)
        start_of_next_microdesc = eos;

 +    const char *cp = tor_memstr(s, start_of_next_microdesc-s,
 +                                "onion-key");
 +    size_t md_len;
 +    if (cp)
 +      md_len = start_of_next_microdesc - cp;
 +    else
 +      md_len = start_of_next_microdesc - s;
 +
 +    crypto_digest256(digest, s, md_len, DIGEST_SHA256);
      if (tokenize_string(area, s, start_of_next_microdesc, tokens,
                          microdesc_token_table, flags)) {
        log_warn(LD_DIR, "Unparseable microdescriptor");
 @@ -4053,8 +4066,6 @@

      md = tor_malloc_zero(sizeof(microdesc_t));
      {
 -      const char *cp = tor_memstr(s, start_of_next_microdesc-s,
 -                                  "onion-key");
        tor_assert(cp);

        md->bodylen = start_of_next_microdesc - cp;
 @@ -4121,12 +4132,17 @@
        md->ipv6_exit_policy = parse_short_policy(tok->args[0]);
      }

 -    crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
 +    memcpy(md->digest, digest, DIGEST256_LEN);

      smartlist_add(result, md);
 +    okay = 1;

      md = NULL;
    next:
 +    if (! okay && invalid_digests_out) {
 +      smartlist_add(invalid_digests_out,
 +                    tor_memdup(digest, DIGEST256_LEN));
 +    }
      microdesc_free(md);
      md = NULL;
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16400#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list