Handle NULL input to protover_compute_for_old_tor()

Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
2017-11-11 13:56:35 -05:00 · 2017-11-11 13:56:35 -05:00 · 2c0487ecfb
parent 9666c620d5
commit 2c0487ecfb
2 changed files with 11 additions and 0 deletions
--- a/changes/trove-2017-010
+++ b/changes/trove-2017-010
@ -0,0 +1,6 @@
+  o Major bugfixes (security):
+    - Fix a denial-of-service issue where an attacker could crash
+      a directory authority using a malformed router descriptor.
+      Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
+      as TROVE-2017-010 and CVE-2017-8820.
+
--- a/src/or/protover.c
+++ b/src/or/protover.c
@ -694,6 +694,11 @@ protocol_list_contains(const smartlist_t *protos,
 const char *
 protover_compute_for_old_tor(const char *version)
 {
+  if (version == NULL) {
+    /* No known version; guess the oldest series that is still supported. */
+    version = "0.2.5.15";
+  }
+
  if (tor_version_as_new_as(version,
                            FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) {
    return "";