nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 13:06:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
7d845976e3
tor/changes/trove-2017-011
Nick Mathewson 1880a6a88e Avoid asking for passphrase on junky PEM input 
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00

9 lines
465 B
Plaintext
Raw Blame History

o Major bugfixes (security):
- Fix a denial of service bug where an attacker could use a malformed
directory object to cause a Tor instance to pause while OpenSSL would
try to read a passphrase from the terminal. (If the terminal was not
available, tor would continue running.) Fixes bug 24246; bugfix on
every version of Tor. Also tracked as TROVE-2017-011 and
CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
Reference in New Issue View Git Blame Copy Permalink