[tor-commits] [tor/master] control: Fix NULL pointer access in HS desc event

nickm at torproject.org nickm at torproject.org
Wed May 3 13:31:54 UTC 2017


commit 90b840af60a43eb8f8f66080ff5f53dda9df717b
Author: David Goulet <dgoulet at torproject.org>
Date:   Wed May 3 09:26:17 2017 -0400

    control: Fix NULL pointer access in HS desc event
    
    This was introduced by 90562fc23a7ce61f3660b507d9991a27af2eae37, which added a
    code path where we pass a NULL pointer for the HSDir fingerprint to the control
    event subsystem. The HS desc failed function wasn't properly handling a NULL
    value for that pointer.
    
    Two unit tests are also added in this commit to make sure we handle properly
    the case of a NULL hsdir fingerprint and a NULL content as well.
    
    Fixes #22138
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/or/control.c   |  5 +++++
 src/test/test_hs.c | 23 ++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/or/control.c b/src/or/control.c
index 9b0d7c0..65d2925 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -6924,6 +6924,11 @@ get_desc_id_from_query(const rend_data_t *rend_data, const char *hsdir_fp)
     goto end;
   }
 
+  /* Without a directory fingerprint at this stage, we can't do much. */
+  if (hsdir_fp == NULL) {
+     goto end;
+  }
+
   /* OK, we have an onion address so now let's find which descriptor ID
    * is the one associated with the HSDir fingerprint. */
   for (replica = 0; replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
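Review bot: The new guard makes a NULL `hsdir_fp` a supported input to get_desc_id_from_query(), but that contract is stated only in the inline comment. The function's header comment, which lies outside this hunk, should say so, for example `If hsdir_fp is NULL, no descriptor ID can be matched and we jump to the end label.` What the `end` path returns is not visible here, so that wording should be checked against the rest of the body. Separately, the added `goto end;` is indented five spaces where the neighbouring `goto end;` uses four; `    goto end;` would match.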
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index c3457c4..b4817a2 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -210,9 +210,30 @@ test_hs_desc_event(void *arg)
   tt_str_op(received_msg,OP_EQ, expected_msg);
   tor_free(received_msg);
 
-  /* test valid content. */
+  /* test no HSDir fingerprint type */
+  rend_query.auth_type = REND_NO_AUTH;
+  control_event_hs_descriptor_failed(&rend_query.base_, NULL,
+                                     "QUERY_NO_HSDIR");
+  expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \
+                 "UNKNOWN REASON=QUERY_NO_HSDIR\r\n";
+  tt_assert(received_msg);
+  tt_str_op(received_msg,OP_EQ, expected_msg);
+  tor_free(received_msg);
+
+  /* Test invalid content with no HSDir fingerprint. */
   char *exp_msg;
   control_event_hs_descriptor_content(rend_query.onion_address,
+                                      STR_HS_CONTENT_DESC_ID, NULL, NULL);
+  tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
+               STR_HS_CONTENT_DESC_ID " UNKNOWN" \
+               "\r\n\r\n.\r\n650 OK\r\n");
+  tt_assert(received_msg);
+  tt_str_op(received_msg, OP_EQ, exp_msg);
+  tor_free(received_msg);
+  tor_free(exp_msg);
+
+  /* test valid content. */
+  control_event_hs_descriptor_content(rend_query.onion_address,
                                       STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID,
                                       hs_desc_content);
   tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
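Review bot: The new content test passes NULL for both the HSDir fingerprint and the content in one call, so NULL content paired with a valid fingerprint is not covered by the visible lines. Since the commit message names both NULL cases, a further call such as `control_event_hs_descriptor_content(rend_query.onion_address, STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID, NULL);` with its own expected string would pin each argument's handling separately. The expected message for that case would presumably carry the HSDir identifier instead of `UNKNOWN`, which should be confirmed against the event formatter. test_hs_desc_event() begins and ends outside this hunk, so cleanup of `exp_msg` after a failed `tt_assert` cannot be judged from here.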


