Avoid asking for passphrase on junky PEM input

Fixes bug 24246 and TROVE-2017-011. This bug is so old, it's in Matej's code. Seems to have been introduced with e01522bbed6eea.
author: Nick Mathewson <nickm@torproject.org> 2017-11-11 14:21:37 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-11-27 15:25:03 -0500
commit: 1880a6a88e240556a8e6b169f1160aa8220ab0ec (patch)
tree: ce5cbc2b47a7e6a75a3a5b409f691e7fb12fe548 /changes/trove-2017-011
parent: 6f8c32b7deb9f0cec6d1553aba71969c9fb6064f (diff)
download: tor-1880a6a88e240556a8e6b169f1160aa8220ab0ec.tar.gz
tor-1880a6a88e240556a8e6b169f1160aa8220ab0ec.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Fix a denial of service bug where an attacker could use a malformed
+      directory object to cause a Tor instance to pause while OpenSSL would
+      try to read a passphrase from the terminal. (If the terminal was not
+      available, tor would continue running.)  Fixes bug 24246; bugfix on
+      every version of Tor.  Also tracked as TROVE-2017-011 and
+      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+
author	Nick Mathewson <nickm@torproject.org>	2017-11-11 14:21:37 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-11-27 15:25:03 -0500
commit	1880a6a88e240556a8e6b169f1160aa8220ab0ec (patch)
tree	ce5cbc2b47a7e6a75a3a5b409f691e7fb12fe548 /changes/trove-2017-011
parent	6f8c32b7deb9f0cec6d1553aba71969c9fb6064f (diff)
download	tor-1880a6a88e240556a8e6b169f1160aa8220ab0ec.tar.gz tor-1880a6a88e240556a8e6b169f1160aa8220ab0ec.zip