Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly signed consensus, so it's not as bad as 25074. Fixes bug 25251; also tracked as TROVE-2018-004.
This commit is contained in:
parent
65f2eec694
commit
a83650852d
|
@ -0,0 +1,8 @@
|
||||||
|
o Minor bugfixes (denial-of-service):
|
||||||
|
- Fix a possible crash on malformed consensus. If a consensus had
|
||||||
|
contained an unparseable protocol line, it could have made clients
|
||||||
|
and relays crash with a null-pointer exception. To exploit this
|
||||||
|
issue, however, an attacker would need to be able to subvert the
|
||||||
|
directory-authority system. Fixes bug 25251; bugfix on
|
||||||
|
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||||
|
|
|
@ -624,6 +624,11 @@ protover_all_supported(const char *s, char **missing_out)
|
||||||
}
|
}
|
||||||
|
|
||||||
smartlist_t *entries = parse_protocol_list(s);
|
smartlist_t *entries = parse_protocol_list(s);
|
||||||
|
if (BUG(entries == NULL)) {
|
||||||
|
log_warn(LD_NET, "Received an unparseable protocol list %s"
|
||||||
|
" from the consensus", escaped(s));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
missing = smartlist_new();
|
missing = smartlist_new();
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue