tor

The Tor anonymity network

commit 3268403ba1fac9366575f4511b9f46d2b7738039
parent cfeb063f2462ef374a77d38c39a14b88255dc8a5
Author: Nick Mathewson <nickm@torproject.org>
Date:   Mon, 15 Mar 2021 09:01:59 -0400

Merge branch 'maint-0.4.5'

Diffstat:
Achanges/bug40316 | 5+++++
Msrc/feature/dirauth/dirvote.c | 2+-
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/bug40316 b/changes/bug40316
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, denial of service):
+ - Fix a bug in appending detached signatures to a pending consensus
+ document that could be used to crash a directory authority.
+ Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as
+ TROVE-2021-002 and CVE-2021-28090.
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
@@ -3610,7 +3610,7 @@ dirvote_add_signatures_to_pending_consensus(
 strlen(pc->body) + strlen(new_signatures) + 1;
 pc->body = tor_realloc(pc->body, new_consensus_len);
 dst_end = pc->body + new_consensus_len;
- dst = strstr(pc->body, "directory-signature ");
+ dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
 tor_assert(dst);
 strlcpy(dst, new_signatures, dst_end-dst);
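Review bot: The `tor_assert(dst)` that follows the changed line in dirvote.c is still a hard abort, so if `pc->body` ever lacks a `directory-signature ` line at the start of a line, the authority still goes down on this path. The hunk does not show how the pending body is built, so this may be unreachable in practice. Since the commit is a denial-of-service fix, a non-fatal check such as `if (BUG(!dst))` followed by the function's normal failure return (not visible here) would be the more defensive form. The new call also deserves a comment so it is not simplified back to `strstr()`, for example `/* Match only at the start of a line; a plain substring search can hit the keyword inside another line (bug 40316). */`. The body of `dirvote_add_signatures_to_pending_consensus` starts and ends outside the hunk.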