Merge branch 'maint-0.3.5' into maint-0.4.4

2eb900f7 · Nick Mathewson · b9f65390 · efca9ce4 · 2eb900f7 · 2eb900f7
Commit 2eb900f7 authored Mar 15, 2021 by Nick Mathewson 👁
--- a/changes/ticket40286_minimal
+++ b/changes/ticket40286_minimal
-  o Major bugfixes (denial of service):
+  o Major bugfixes (security, denial of service):
    - Disable the dump_desc() function that we used to dump unparseable
      information to disk. It was called incorrectly in several places,
-      in a way that could lead to excessive CPU usage.
+      in a way that could lead to excessive CPU usage.  Fixes bug 40286;
-      Fixes bug 40286; bugfix on 0.2.2.1-alpha.
+      bugfix on 0.2.2.1-alpha. This bug is also tracked as
+      TROVE-2021-001 and CVE-2021-28089.
--- a/src/feature/dirparse/unparseable.c
+++ b/src/feature/dirparse/unparseable.c
@@ -498,8 +498,11 @@ dump_desc,(const char *desc, const char *type))
  tor_assert(desc);
  tor_assert(type);
 #ifndef TOR_UNIT_TESTS
-  /* On older versions of Tor we are disabling this function, since it
+  /* For now, we are disabling this function, since it can be called with
-   * can be called with strings that are far too long. */
+   * strings that are far too long.  We can turn it back on if we fix it
+   * someday, but we'd need to give it a length argument. A likelier
+   * resolution here is simply to remove this module entirely.  See tor#40286
+   * for background. */
  if (1)
    return;
 #endif