[tor-commits] [tor/release-0.2.9] Correctly handle NULL returns from parse_protocol_list when voting.
nickm at torproject.org
nickm at torproject.org
Sat Mar 3 13:17:12 UTC 2018
commit 65f2eec694f18a64291cc85317b9f22dacc1d8e4
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Feb 1 16:33:52 2018 -0500
Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not. One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.
Fixes TROVE-2018-001.
---
changes/trove-2018-001.1 | 6 ++++++
src/or/protover.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/changes/trove-2018-001.1 b/changes/trove-2018-001.1
new file mode 100644
index 000000000..f0ee92f40
--- /dev/null
+++ b/changes/trove-2018-001.1
@@ -0,0 +1,6 @@
+ o Major bugfixes (denial-of-service, directory authority):
+ - Fix a protocol-list handling bug that could be used to remotely crash
+ directory authorities with a null-pointer exception. Fixes bug 25074;
+ bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001.
+
+
diff --git a/src/or/protover.c b/src/or/protover.c
index 98957cabd..a75077462 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -554,6 +554,12 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings,
// First, parse the inputs and break them into singleton entries.
SMARTLIST_FOREACH_BEGIN(list_of_proto_strings, const char *, vote) {
smartlist_t *unexpanded = parse_protocol_list(vote);
+ if (! unexpanded) {
+ log_warn(LD_NET, "I failed with parsing a protocol list from "
+ "an authority. The offending string was: %s",
+ escaped(vote));
+ continue;
+ }
smartlist_t *this_vote = expand_protocol_list(unexpanded);
if (this_vote == NULL) {
log_warn(LD_NET, "When expanding a protocol list from an authority, I "
More information about the tor-commits
mailing list