mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if the hash line has too many elements. Fixes one case of bug 40472; resolves OSS-Fuzz 38363. Bugfix on 0.3.1.1-alpha when the consdiff parsing code was introduced.
This commit is contained in:
parent
4a24673436
commit
86819229af
6
changes/bug40472
Normal file
6
changes/bug40472
Normal file
@ -0,0 +1,6 @@
|
||||
o Minor bugfixes (performance, DoS):
|
||||
- Fix one case of a not-especially viable denial-of-service attack found
|
||||
by OSS-Fuzz in our consensus-diff parsing code. This attack causes a
|
||||
lot small of memory allocations and then immediately frees them: this
|
||||
is only slow when running with all the sanitizers enabled. Fixes one
|
||||
case of bug 40472; bugfix on 0.3.1.1-alpha.
|
@ -1126,7 +1126,7 @@ consdiff_get_digests(const smartlist_t *diff,
|
||||
{
|
||||
const cdline_t *line2 = smartlist_get(diff, 1);
|
||||
char *h = tor_memdup_nulterm(line2->s, line2->len);
|
||||
smartlist_split_string(hash_words, h, " ", 0, 0);
|
||||
smartlist_split_string(hash_words, h, " ", 0, 4);
|
||||
tor_free(h);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user