tor/changes/bug24313
David Goulet 3030741b5d hs-v2: Remove any expiring intro from the retry list
TROVE-2017-13. Severity: High.

In the unlikely case that a hidden service could be missing intro circuit(s),
that it didn't have enough directory information to open new circuits and that
an intro point was about to expire, a use-after-free is possible because of
the intro point object being both in the retry list and expiring list at the
same time.

The intro object would get freed after the circuit failed to open and then
access a second time when cleaned up from the expiring list.

Fixes #24313
2017-11-28 18:41:29 -05:00

6 lines
317 B
Plaintext

o Major bugfixes (security, hidden service v2):
- Fix a use-after-free error that could crash v2 Tor hidden services
when it failed to open circuits while expiring introductions
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
issue is also tracked as TROVE-2017-013 and CVE-2017-8823.