Explorar o código

Correctly handle NULL returns from parse_protocol_list when voting.

In some cases we had checked for it, but in others we had not.  One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.

Fixes TROVE-2018-001.
Nick Mathewson %!s(int64=6) %!d(string=hai) anos
pai
achega
65f2eec694
Modificáronse 2 ficheiros con 12 adicións e 0 borrados
  1. 6 0
      changes/trove-2018-001.1
  2. 6 0
      src/or/protover.c

+ 6 - 0
changes/trove-2018-001.1

@@ -0,0 +1,6 @@
+  o Major bugfixes (denial-of-service, directory authority):
+    - Fix a protocol-list handling bug that could be used to remotely crash
+      directory authorities with a null-pointer exception. Fixes bug 25074;
+      bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001.
+
+

+ 6 - 0
src/or/protover.c

@@ -554,6 +554,12 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings,
   // First, parse the inputs and break them into singleton entries.
   SMARTLIST_FOREACH_BEGIN(list_of_proto_strings, const char *, vote) {
     smartlist_t *unexpanded = parse_protocol_list(vote);
+    if (! unexpanded) {
+      log_warn(LD_NET, "I failed with parsing a protocol list from "
+               "an authority. The offending string was: %s",
+               escaped(vote));
+      continue;
+    }
     smartlist_t *this_vote = expand_protocol_list(unexpanded);
     if (this_vote == NULL) {
       log_warn(LD_NET, "When expanding a protocol list from an authority, I "