diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal index b8669debaa..6a04ca79eb 100644 --- a/changes/ticket40286_minimal +++ b/changes/ticket40286_minimal @@ -1,5 +1,6 @@ - o Major bugfixes (denial of service): + o Major bugfixes (security, denial of service): - Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. - Fixes bug 40286; bugfix on 0.2.2.1-alpha. + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as + TROVE-2021-001 and CVE-2021-28089. diff --git a/src/feature/dirparse/unparseable.c b/src/feature/dirparse/unparseable.c index 9098bfa4e0..930717a6ff 100644 --- a/src/feature/dirparse/unparseable.c +++ b/src/feature/dirparse/unparseable.c @@ -498,8 +498,11 @@ dump_desc,(const char *desc, const char *type)) tor_assert(desc); tor_assert(type); #ifndef TOR_UNIT_TESTS - /* On older versions of Tor we are disabling this function, since it - * can be called with strings that are far too long. */ + /* For now, we are disabling this function, since it can be called with + * strings that are far too long. We can turn it back on if we fix it + * someday, but we'd need to give it a length argument. A likelier + * resolution here is simply to remove this module entirely. See tor#40286 + * for background. */ if (1) return; #endif