diff options
| author | Nick Mathewson <nickm@torproject.org> | 2021-12-06 12:35:08 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2021-12-06 12:35:08 -0500 |
| commit | 86819229afde13ae8466ee782f4c4bd9ba6f37cd (patch) | |
| tree | 8e2b8c7e790248fb13b3231432b9ad7c4d83dd75 /changes | |
| parent | 4a24673436b2f8cf7a6bbbb353f97f1ae403e411 (diff) | |
| download | tor-86819229afde13ae8466ee782f4c4bd9ba6f37cd.tar.gz tor-86819229afde13ae8466ee782f4c4bd9ba6f37cd.zip | |
Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if
the hash line has too many elements.
Fixes one case of bug 40472; resolves OSS-Fuzz 38363. Bugfix on
0.3.1.1-alpha when the consdiff parsing code was introduced.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug40472 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/bug40472 b/changes/bug40472 new file mode 100644 index 0000000000..d87c1dc2cc --- /dev/null +++ b/changes/bug40472 @@ -0,0 +1,6 @@ + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack found + by OSS-Fuzz in our consensus-diff parsing code. This attack causes a + lot small of memory allocations and then immediately frees them: this + is only slow when running with all the sanitizers enabled. Fixes one + case of bug 40472; bugfix on 0.3.1.1-alpha. |