Commit ede88c37 authored by Nick Mathewson's avatar Nick Mathewson 🐛
Browse files

Disable the dump_desc() function.

It can be called with strings that should have been
length-delimited, but which in fact are not.  This can cause a
CPU-DoS bug or, in a worse case, a crash.

Since this function isn't essential, the best solution for older
Tors is to just turn it off.

Fixes bug 40286; bugfix on 0.2.2.1-alpha when dump_desc() was
introduced.
parent 21317c92
o Major bugfixes (denial of service):
- Disable the dump_desc() function that we used to dump unparseable
information to disk. It was called incorrectly in several places,
in a way that could lead to excessive CPU usage.
Fixes bug 40286; bugfix on 0.2.2.1-alpha.
......@@ -492,6 +492,12 @@ dump_desc,(const char *desc, const char *type))
{
tor_assert(desc);
tor_assert(type);
#ifndef TOR_UNIT_TESTS
/* On older versions of Tor we are disabling this function, since it
* can be called with strings that are far too long. */
if (1)
return;
#endif
size_t len;
/* The SHA256 of the string */
uint8_t digest_sha256[DIGEST256_LEN];
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment