diff options
| author | Nick Mathewson <nickm@torproject.org> | 2021-03-15 09:01:59 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2021-03-15 09:01:59 -0400 |
| commit | 61731e35507fea1c932f80f0849dcae924113df1 (patch) | |
| tree | 0f3221849fffa65c107383c7fbbe9d9b532b427d | |
| parent | a6533af9e8d90fda13180064e98b49ac3c3cdf86 (diff) | |
| parent | 5ec579610ace4d3e4f0a6432b26e1e968beccf36 (diff) | |
| download | tor-61731e35507fea1c932f80f0849dcae924113df1.tar.gz tor-61731e35507fea1c932f80f0849dcae924113df1.zip | |
Merge branch 'maint-0.4.4' into maint-0.4.5
| -rw-r--r-- | changes/bug40316 | 5 | ||||
| -rw-r--r-- | src/feature/dirauth/dirvote.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/bug40316 b/changes/bug40316 new file mode 100644 index 0000000000..cd275b5c9c --- /dev/null +++ b/changes/bug40316 @@ -0,0 +1,5 @@ + o Major bugfixes (security, denial of service): + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. + Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as + TROVE-2021-002 and CVE-2021-28090. diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index fa4d919aa9..7d83d105b1 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -3597,7 +3597,7 @@ dirvote_add_signatures_to_pending_consensus( strlen(pc->body) + strlen(new_signatures) + 1; pc->body = tor_realloc(pc->body, new_consensus_len); dst_end = pc->body + new_consensus_len; - dst = strstr(pc->body, "directory-signature "); + dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature "); tor_assert(dst); strlcpy(dst, new_signatures, dst_end-dst); |