Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly signed consensus, so it's not as bad as 25074. Fixes bug 25251; also tracked as TROVE-2018-004.
This commit is contained in:
parent
65f2eec694
commit
a83650852d
|
@ -0,0 +1,8 @@
|
|||
o Minor bugfixes (denial-of-service):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory-authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
|
@ -624,6 +624,11 @@ protover_all_supported(const char *s, char **missing_out)
|
|||
}
|
||||
|
||||
smartlist_t *entries = parse_protocol_list(s);
|
||||
if (BUG(entries == NULL)) {
|
||||
log_warn(LD_NET, "Received an unparseable protocol list %s"
|
||||
" from the consensus", escaped(s));
|
||||
return 1;
|
||||
}
|
||||
|
||||
missing = smartlist_new();
|
||||
|
||||
|
|
Loading…
Reference in New Issue