author | Nick Mathewson <nickm@torproject.org> | 2021-03-15 09:01:59 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-03-15 09:01:59 -0400 |
commit | 5ec579610ace4d3e4f0a6432b26e1e968beccf36 (patch) | |
tree | 46e9096a74a98dae6c67410eac4a5e34f4192bc3 | |
parent | 2eb900f7e2ca64e6ce16fc86410cafd935e7cd1e (diff) | |
parent | f078aab71ef56e1942caec5f27e0f336f2a7c7d1 (diff) | |
Merge branch 'maint-0.3.5' into maint-0.4.4
-rw-r--r-- | changes/bug40316 | 5 | ||||
-rw-r--r-- | src/feature/dirauth/dirvote.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/bug40316 b/changes/bug40316
new file mode 100644
index 0000000000..cd275b5c9c
--- /dev/null
+++ b/changes/bug40316
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, denial of service):
+ - Fix a bug in appending detached signatures to a pending consensus
+ document that could be used to crash a directory authority.
+ Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as
+ TROVE-2021-002 and CVE-2021-28090.
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
index 828ecbc372..d9fbd2a7ce 100644
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -3576,7 +3576,7 @@ dirvote_add_signatures_to_pending_consensus(
 strlen(pc->body) + strlen(new_signatures) + 1;
 pc->body = tor_realloc(pc->body, new_consensus_len);
 dst_end = pc->body + new_consensus_len;
- dst = strstr(pc->body, "directory-signature ");
+ dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
 tor_assert(dst);
 strlcpy(dst, new_signatures, dst_end-dst); |
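Review bot: `tor_assert(dst)` directly after the new lookup in the dirvote.c hunk still aborts the whole authority process when no line of `pc->body` begins with "directory-signature ", and the line-anchored `find_str_at_start_of_line()` can return NULL for a body where `strstr()` would have matched mid-line. Because the changes entry classifies this as a crash-the-authority issue, a recoverable failure would be the safer shape here, for example `if (BUG(!dst))` followed by the function's normal error exit instead of a hard assert. The function starts and ends outside the hunk, so the correct cleanup of `new_signatures` and the return value have to be checked against the full body. A short comment above the lookup would also keep the fix from being reverted by accident, such as `/* Anchor at start of line: a plain strstr() can match inside another line (bug 40316). */`.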