diff options
author | Nick Mathewson <nickm@torproject.org> | 2021-03-15 08:54:00 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-03-15 08:54:00 -0400 |
commit | 9c63b3b0c22f67e059d9c9dcb22ce0d8efc0512a (patch) | |
tree | a97a3d0751b6d93f50aedeba53b1a0cda129d07d | |
parent | 1fdfa8eeed7f29b1e44f29d0a07e467f6adb062f (diff) | |
parent | a6533af9e8d90fda13180064e98b49ac3c3cdf86 (diff) | |
download | tor-9c63b3b0c22f67e059d9c9dcb22ce0d8efc0512a.tar.gz tor-9c63b3b0c22f67e059d9c9dcb22ce0d8efc0512a.zip |
Merge branch 'maint-0.4.5' into release-0.4.5
-rw-r--r-- | changes/ticket40286_minimal | 7 | ||||
-rw-r--r-- | src/feature/dirparse/unparseable.c | 7 |
2 files changed, 9 insertions, 5 deletions
diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal index b8669debaa..6a04ca79eb 100644 --- a/changes/ticket40286_minimal +++ b/changes/ticket40286_minimal @@ -1,5 +1,6 @@ - o Major bugfixes (denial of service): + o Major bugfixes (security, denial of service): - Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. - Fixes bug 40286; bugfix on 0.2.2.1-alpha. + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as + TROVE-2021-001 and CVE-2021-28089. diff --git a/src/feature/dirparse/unparseable.c b/src/feature/dirparse/unparseable.c index da3c80e383..a91148a661 100644 --- a/src/feature/dirparse/unparseable.c +++ b/src/feature/dirparse/unparseable.c @@ -498,8 +498,11 @@ dump_desc,(const char *desc, const char *type)) tor_assert(desc); tor_assert(type); #ifndef TOR_UNIT_TESTS - /* On older versions of Tor we are disabling this function, since it - * can be called with strings that are far too long. */ + /* For now, we are disabling this function, since it can be called with + * strings that are far too long. We can turn it back on if we fix it + * someday, but we'd need to give it a length argument. A likelier + * resolution here is simply to remove this module entirely. See tor#40286 + * for background. */ if (1) return; #endif |