Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
@@ -0,0 +1,6 @@
+ o Major bugfixes (security):
+ - Fix a denial-of-service issue where an attacker could crash
+ a directory authority using a malformed router descriptor.
+ Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
+ as TROVE-2017-010 and CVE-2017-8820.
+
@@ -694,6 +694,11 @@ protocol_list_contains(const smartlist_t *protos,
const char *
protover_compute_for_old_tor(const char *version)
{
+ if (version == NULL) {
+ /* No known version; guess the oldest series that is still supported. */
+ version = "0.2.5.15";
+ }
if (tor_version_as_new_as(version,
FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) {
return "";