nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.3.5' into maint-0.4.4

Browse Source
This commit is contained in:
Nick Mathewson 2021-03-15 09:01:59 -04:00
commit 5ec579610a
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug40316 Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes (security, denial of service):
- Fix a bug in appending detached signatures to a pending consensus
document that could be used to crash a directory authority.
Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as
TROVE-2021-002 and CVE-2021-28090.

2
src/feature/dirauth/dirvote.c
View File

@ -3576,7 +3576,7 @@ dirvote_add_signatures_to_pending_consensus(
strlen(pc->body) + strlen(new_signatures) + 1; strlen(pc->body) + strlen(new_signatures) + 1;
pc->body = tor_realloc(pc->body, new_consensus_len); pc->body = tor_realloc(pc->body, new_consensus_len);
dst_end = pc->body + new_consensus_len; dst_end = pc->body + new_consensus_len;
dst = strstr(pc->body, "directory-signature "); dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
tor_assert(dst); tor_assert(dst);
strlcpy(dst, new_signatures, dst_end-dst); strlcpy(dst, new_signatures, dst_end-dst);