Merge branch 'maint-0.3.5' into maint-0.4.4

5ec57961 · Nick Mathewson · 2eb900f7 · f078aab7 · 5ec57961 · 5ec57961
Commit 5ec57961 authored Mar 15, 2021 by Nick Mathewson 👁
--- a/changes/bug40316
+++ b/changes/bug40316
+  o Major bugfixes (security, denial of service):
+    - Fix a bug in appending detached signatures to a pending consensus
+      document that could be used to crash a directory authority.
+      Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as
+      TROVE-2021-002 and CVE-2021-28090.
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -3576,7 +3576,7 @@ dirvote_add_signatures_to_pending_consensus(
      strlen(pc->body) + strlen(new_signatures) + 1;
    pc->body = tor_realloc(pc->body, new_consensus_len);
    dst_end = pc->body + new_consensus_len;
-    dst = strstr(pc->body, "directory-signature ");
+    dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
    tor_assert(dst);
    strlcpy(dst, new_signatures, dst_end-dst);