diff options
| author | John Brooks <special@torproject.org> | 2016-05-11 12:13:22 -0400 |
|---|---|---|
| committer | John Brooks <special@torproject.org> | 2016-05-11 13:11:03 -0400 |
| commit | bf3e32a45288b64e5535e02f40bd2bcb93c8a520 (patch) | |
| tree | d3ae8afc737e828e69cbf6a583cadb0908a849f0 /changes | |
| parent | 61c0bae4f20556cf155562582ea00a6a147252d6 (diff) | |
| download | tor-bf3e32a45288b64e5535e02f40bd2bcb93c8a520.tar.gz tor-bf3e32a45288b64e5535e02f40bd2bcb93c8a520.zip | |
Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.
This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.
Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug19032 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changes/bug19032 b/changes/bug19032 new file mode 100644 index 0000000000..93f17c2f91 --- /dev/null +++ b/changes/bug19032 @@ -0,0 +1,4 @@ + o Major bugfixes (security, directory authorities): + - Fix a crash and out-of-bounds write during authority voting, when the + list of relays includes duplicate ed25519 identity keys. Fixes bug 19032; + bugfix on 0.2.8.2-alpha. |