Handle NULL input to protover_compute_for_old_tor()

Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
author: Nick Mathewson <nickm@torproject.org> 2017-11-11 13:56:35 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-11-27 15:16:30 -0500
commit: 2c0487ecfb410d1361b114e60d8e9ffd2ed092ec (patch)
tree: f5b573ea8afcdbd7a6ca7a50dc880c8e71bde5db
parent: 9666c620d584b2c715596b415a808941b17cbda0 (diff)
download: tor-2c0487ecfb410d1361b114e60d8e9ffd2ed092ec.tar.gz
tor-2c0487ecfb410d1361b114e60d8e9ffd2ed092ec.zip
2 files changed, 11 insertions, 0 deletions
diff --git a/changes/trove-2017-010 b/changes/trove-2017-010
new file mode 100644
index 0000000000..d5bf9333da
--- /dev/null
+++ b/changes/trove-2017-010
@@ -0,0 +1,6 @@
+  o Major bugfixes (security):
+    - Fix a denial-of-service issue where an attacker could crash
+      a directory authority using a malformed router descriptor.
+      Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
+      as TROVE-2017-010 and CVE-2017-8820.
+
diff --git a/src/or/protover.c b/src/or/protover.c
index 0a4d4fb8fd..98957cabdf 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -694,6 +694,11 @@ protocol_list_contains(const smartlist_t *protos,
 const char *
 protover_compute_for_old_tor(const char *version)
 {
+  if (version == NULL) {
+    /* No known version; guess the oldest series that is still supported. */
+    version = "0.2.5.15";
+  }
+
   if (tor_version_as_new_as(version,
                             FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) {
     return "";
author	Nick Mathewson <nickm@torproject.org>	2017-11-11 13:56:35 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-11-27 15:16:30 -0500
commit	2c0487ecfb410d1361b114e60d8e9ffd2ed092ec (patch)
tree	f5b573ea8afcdbd7a6ca7a50dc880c8e71bde5db
parent	9666c620d584b2c715596b415a808941b17cbda0 (diff)
download	tor-2c0487ecfb410d1361b114e60d8e9ffd2ed092ec.tar.gz tor-2c0487ecfb410d1361b114e60d8e9ffd2ed092ec.zip