commit 52d7af631cb1075289ba519d0c3b89e0b5816f5e parent 072e194a15e9aa0e75c6723763a69476f4f31b93 Author: Nick Mathewson <nickm@torproject.org> Date: Thu, 30 Nov 2017 12:07:26 -0500 Merge branch 'trove-2017-010_029' into maint-0.2.9 Diffstat:
| A | changes/trove-2017-010 | | | 6 | ++++++ |
| M | src/or/protover.c | | | 5 | +++++ |
2 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Fix a denial-of-service issue where an attacker could crash + a directory authority using a malformed router descriptor. + Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked + as TROVE-2017-010 and CVE-2017-8820. + diff --git a/src/or/protover.c b/src/or/protover.c @@ -694,6 +694,11 @@ protocol_list_contains(const smartlist_t *protos, const char * protover_compute_for_old_tor(const char *version) { + if (version == NULL) { + /* No known version; guess the oldest series that is still supported. */ + version = "0.2.5.15"; + } + if (tor_version_as_new_as(version, FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) { return "";