Loading changes/ticket40286_minimal +4 −3 Original line number Diff line number Diff line o Major bugfixes (denial of service): o Major bugfixes (security, denial of service): - Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, in a way that could lead to excessive CPU usage. Fixes bug 40286; bugfix on 0.2.2.1-alpha. in a way that could lead to excessive CPU usage. Fixes bug 40286; bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021-001 and CVE-2021-28089. src/feature/dirparse/unparseable.c +5 −2 Original line number Diff line number Diff line Loading @@ -498,8 +498,11 @@ dump_desc,(const char *desc, const char *type)) tor_assert(desc); tor_assert(type); #ifndef TOR_UNIT_TESTS /* On older versions of Tor we are disabling this function, since it * can be called with strings that are far too long. */ /* For now, we are disabling this function, since it can be called with * strings that are far too long. We can turn it back on if we fix it * someday, but we'd need to give it a length argument. A likelier * resolution here is simply to remove this module entirely. See tor#40286 * for background. */ if (1) return; #endif Loading Loading
changes/ticket40286_minimal +4 −3 Original line number Diff line number Diff line o Major bugfixes (denial of service): o Major bugfixes (security, denial of service): - Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, in a way that could lead to excessive CPU usage. Fixes bug 40286; bugfix on 0.2.2.1-alpha. in a way that could lead to excessive CPU usage. Fixes bug 40286; bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021-001 and CVE-2021-28089.
src/feature/dirparse/unparseable.c +5 −2 Original line number Diff line number Diff line Loading @@ -498,8 +498,11 @@ dump_desc,(const char *desc, const char *type)) tor_assert(desc); tor_assert(type); #ifndef TOR_UNIT_TESTS /* On older versions of Tor we are disabling this function, since it * can be called with strings that are far too long. */ /* For now, we are disabling this function, since it can be called with * strings that are far too long. We can turn it back on if we fix it * someday, but we'd need to give it a length argument. A likelier * resolution here is simply to remove this module entirely. See tor#40286 * for background. */ if (1) return; #endif Loading
