authorDavid Goulet <dgoulet@torproject.org>2022-04-14 09:34:46 -0400
committerDavid Goulet <dgoulet@torproject.org>2022-04-14 09:34:46 -0400
commit9ac479ce1c20fd2e58528900b54d5b81bedb641d (patch)
treee4a125fa8b5a8c660c9b83aba4e286e84d096e9d
parentb882b8d5d4b6c76e41fdf316b58fc26330ec7198 (diff)
parent86819229afde13ae8466ee782f4c4bd9ba6f37cd (diff)
downloadtor-9ac479ce1c20fd2e58528900b54d5b81bedb641d.tar.gz
tor-9ac479ce1c20fd2e58528900b54d5b81bedb641d.zip
Merge branch 'tor-gitlab/mr/497' into maint-0.4.5
-rw-r--r--changes/bug404726
-rw-r--r--src/feature/dircommon/consdiff.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug40472 b/changes/bug40472
new file mode 100644
index 0000000000..d87c1dc2cc
--- /dev/null
+++ b/changes/bug40472
@@ -0,0 +1,6 @@
+ o Minor bugfixes (performance, DoS):
+ - Fix one case of a not-especially viable denial-of-service attack found
+ by OSS-Fuzz in our consensus-diff parsing code. This attack causes a
+ lot small of memory allocations and then immediately frees them: this
+ is only slow when running with all the sanitizers enabled. Fixes one
+ case of bug 40472; bugfix on 0.3.1.1-alpha.
diff --git a/src/feature/dircommon/consdiff.c b/src/feature/dircommon/consdiff.c
index 988d7f71ab..9511177e2b 100644
--- a/src/feature/dircommon/consdiff.c
+++ b/src/feature/dircommon/consdiff.c
@@ -1128,7 +1128,7 @@ consdiff_get_digests(const smartlist_t *diff,
{
const cdline_t *line2 = smartlist_get(diff, 1);
char *h = tor_memdup_nulterm(line2->s, line2->len);
- smartlist_split_string(hash_words, h, " ", 0, 0);
+ smartlist_split_string(hash_words, h, " ", 0, 4);
tor_free(h);
}
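Review bot: The new limit `4` passed to `smartlist_split_string` is an unexplained magic number, and whether it is the right value depends on code outside this hunk. Presumably the digest line must hold exactly three words and a later length check rejects anything else, so a cap of one more than that keeps an over-long line detectable while bounding the number of small allocations. If that is the intent, record it next to the call, e.g. `/* Expect exactly 3 words; split into at most 4 so a line with extra fields still fails the count check below. */`. The cap bounds only the number of pieces: `tor_memdup_nulterm` still copies all `line2->len` bytes, so any limit on line length has to be enforced elsewhere. consdiff_get_digests starts and ends outside the hunk, so the count check could not be confirmed from here.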