From ede88c374cd61e1e362422718625707a770cffff Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 19 Feb 2021 12:31:19 -0500 Subject: Disable the dump_desc() function. It can be called with strings that should have been length-delimited, but which in fact are not. This can cause a CPU-DoS bug or, in a worse case, a crash. Since this function isn't essential, the best solution for older Tors is to just turn it off. Fixes bug 40286; bugfix on 0.2.2.1-alpha when dump_desc() was introduced. --- changes/ticket40286_minimal | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changes/ticket40286_minimal (limited to 'changes') diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal new file mode 100644 index 0000000000..b8669debaa --- /dev/null +++ b/changes/ticket40286_minimal @@ -0,0 +1,5 @@ + o Major bugfixes (denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. + Fixes bug 40286; bugfix on 0.2.2.1-alpha. -- cgit v1.2.3-54-g00ecf