tor/changes/bug2317
Sebastian Hahn 026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00

10 lines
336 B
Plaintext

o Major features:
- Introduce minimum/maximum values that a client is going to believe
in a consensus. This helps to avoid crashes or worse when a param
has a weird value.
o Major bugfixes:
- Prevent crash/heap corruption when cbtnumnodes consensus parameter is
set to 0 or large values. Fixes bug 2317.