[tor-commits] [tor/maint-0.3.3] rust/protover: use .and_not_in() instead of .retain() in all_supported()

nickm at torproject.org nickm at torproject.org
Tue Sep 18 12:33:22 UTC 2018


commit c613d5513491861431c2852cf4072ae256ba2c67
Author: cypherpunks <cypherpunks at torproject.org>
Date:   Thu Aug 9 21:26:10 2018 +0000

    rust/protover: use .and_not_in() instead of .retain() in all_supported()
    
    .retain() would allocating a Vec of billions of integers and check them
    one at a time to separate the supported versions from the unsupported.
    This leads to a memory DoS.
    
    Closes ticket 27206. Bugfix on e6625113c98c281b0a649598d7daa347c28915e9.
---
 changes/bug27206                    | 4 ++++
 src/rust/protover/protover.rs       | 4 +---
 src/rust/protover/tests/protover.rs | 8 ++++----
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/changes/bug27206 b/changes/bug27206
new file mode 100644
index 000000000..c0fbbed70
--- /dev/null
+++ b/changes/bug27206
@@ -0,0 +1,4 @@
+  o Minor bugfixes (rust):
+    - protover_all_supported() would attempt to allocate up to 16GB on some
+      inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on
+      0.3.3.5-rc.
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index b3563b063..c11c7c180 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -365,7 +365,6 @@ impl UnvalidatedProtoEntry {
 
             let maybe_supported_versions: Option<&ProtoSet> = supported.get(&supported_protocol);
             let supported_versions: &ProtoSet;
-            let mut unsupported_versions: ProtoSet;
 
             // If the protocol wasn't in the map, then we don't know about it
             // and don't support any of its versions.  Add its versions to the
@@ -378,8 +377,7 @@ impl UnvalidatedProtoEntry {
             } else {
                 supported_versions = maybe_supported_versions.unwrap();
             }
-            unsupported_versions = versions.clone();
-            unsupported_versions.retain(|x| !supported_versions.contains(x));
+            let unsupported_versions = versions.and_not_in(supported_versions);
 
             if !unsupported_versions.is_empty() {
                 unsupported.insert(protocol.clone(), unsupported_versions);
diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs
index 59a4b5a8a..9258d869d 100644
--- a/src/rust/protover/tests/protover.rs
+++ b/src/rust/protover/tests/protover.rs
@@ -354,18 +354,18 @@ fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() {
 
 #[test]
 fn protover_all_supported_should_not_dos_anyones_computer() {
-    let proto: UnvalidatedProtoEntry = "Sleen=1-2147483648".parse().unwrap();
+    let proto: UnvalidatedProtoEntry = "Link=1-2147483648".parse().unwrap();
     let result: String = proto.all_supported().unwrap().to_string();
 
-    assert_eq!(result, "Sleen=1-2147483648".to_string());
+    assert_eq!(result, "Link=6-2147483648".to_string());
 }
 
 #[test]
 fn protover_all_supported_should_not_dos_anyones_computer_max_versions() {
-    let proto: UnvalidatedProtoEntry = "Sleen=1-4294967294".parse().unwrap();
+    let proto: UnvalidatedProtoEntry = "Link=1-4294967294".parse().unwrap();
     let result: String = proto.all_supported().unwrap().to_string();
 
-    assert_eq!(result, "Sleen=1-4294967294".to_string());
+    assert_eq!(result, "Link=6-4294967294".to_string());
 }
 
 #[test]





More information about the tor-commits mailing list