mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-20 21:16:22 +02:00
bf3e32a452
In dirserv_compute_performance_thresholds, we allocate arrays based on the length of 'routers', a list of routerinfo_t, but loop over the nodelist. The 'routers' list may be shorter when relays were filtered by routers_make_ed_keys_unique, leading to an out-of-bounds write on directory authorities. This bug was originally introduced in26e89742, but it doesn't look possible to trigger until routers_make_ed_keys_unique was introduced in13a31e72. Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
5 lines
241 B
Plaintext
5 lines
241 B
Plaintext
o Major bugfixes (security, directory authorities):
|
|
- Fix a crash and out-of-bounds write during authority voting, when the
|
|
list of relays includes duplicate ed25519 identity keys. Fixes bug 19032;
|
|
bugfix on 0.2.8.2-alpha.
|