tor/bug27206 at 75b95e1c8e28e1136b5bc98fd89321e478f4b836 - tor - Git with a cup of Datura seeds

nihilist/tor

mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00

cypherpunks c613d55134 rust/protover: use .and_not_in() instead of .retain() in all_supported()

.retain() would allocating a Vec of billions of integers and check them
one at a time to separate the supported versions from the unsupported.
This leads to a memory DoS.

Closes ticket 27206. Bugfix on e6625113c9.

2018-09-14 15:08:55 +00:00

5 lines

197 B

Plaintext

Raw Blame History

   o Minor bugfixes (rust):
     - protover_all_supported() would attempt to allocate up to 16GB on some
       inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on
 .3.3.5-rc.