From 86819229afde13ae8466ee782f4c4bd9ba6f37cd Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 6 Dec 2021 12:35:08 -0500 Subject: Limit the number of elements in a consdiff hash line. This avoids performing and then freeing a lot of small mallocs() if the hash line has too many elements. Fixes one case of bug 40472; resolves OSS-Fuzz 38363. Bugfix on 0.3.1.1-alpha when the consdiff parsing code was introduced. --- changes/bug40472 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changes/bug40472 (limited to 'changes') diff --git a/changes/bug40472 b/changes/bug40472 new file mode 100644 index 0000000000..d87c1dc2cc --- /dev/null +++ b/changes/bug40472 @@ -0,0 +1,6 @@ + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack found + by OSS-Fuzz in our consensus-diff parsing code. This attack causes a + lot small of memory allocations and then immediately frees them: this + is only slow when running with all the sanitizers enabled. Fixes one + case of bug 40472; bugfix on 0.3.1.1-alpha. -- cgit v1.2.3-54-g00ecf
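Review bot: The fourth added line of changes/bug40472 has its words transposed: "causes a lot small of memory allocations" should read "causes a lot of small memory allocations". The entry also never says what the fix does, while the commit subject does (limiting the number of elements in a consdiff hash line), so consider adding a clause such as "by limiting the number of elements accepted in a hash line". This view is limited to 'changes', so the limit itself and its value are not visible here and cannot be checked against the description.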