diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-02-14 10:45:57 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-03-01 16:05:17 -0500 |
| commit | a83650852d3cd00c9916cae74d755ae55a6b506d (patch) | |
| tree | fa12d59b56d39f7ec3b8e2ae5f8c93e149a946a0 | |
| parent | 65f2eec694f18a64291cc85317b9f22dacc1d8e4 (diff) | |
| download | tor-a83650852d3cd00c9916cae74d755ae55a6b506d.tar.gz tor-a83650852d3cd00c9916cae74d755ae55a6b506d.zip | |
Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.
Fixes bug 25251; also tracked as TROVE-2018-004.
| -rw-r--r-- | changes/trove-2018-004 | 8 | ||||
| -rw-r--r-- | src/or/protover.c | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/changes/trove-2018-004 b/changes/trove-2018-004 new file mode 100644 index 0000000000..37e0a89b0d --- /dev/null +++ b/changes/trove-2018-004 @@ -0,0 +1,8 @@ + o Minor bugfixes (denial-of-service): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory-authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + diff --git a/src/or/protover.c b/src/or/protover.c index a750774623..e63036f784 100644 --- a/src/or/protover.c +++ b/src/or/protover.c @@ -624,6 +624,11 @@ protover_all_supported(const char *s, char **missing_out) } smartlist_t *entries = parse_protocol_list(s); + if (BUG(entries == NULL)) { + log_warn(LD_NET, "Received an unparseable protocol list %s" + " from the consensus", escaped(s)); + return 1; + } missing = smartlist_new(); |