commit 95b82c4feede91e18ec24dafeb382208186a9791
parent 39848ca1669b25135d484aa23cfbb0a796dc0e63
Author: Alexander Færøy <ahf@torproject.org>
Date: Wed, 15 Dec 2021 12:38:30 +0000
Merge remote-tracking branch 'tor-gitlab/mr/497' into main
Diffstat:
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/changes/bug40472 b/changes/bug40472
@@ -0,0 +1,6 @@
+ o Minor bugfixes (performance, DoS):
+ - Fix one case of a not-especially viable denial-of-service attack found
+ by OSS-Fuzz in our consensus-diff parsing code. This attack causes a
+ lot small of memory allocations and then immediately frees them: this
+ is only slow when running with all the sanitizers enabled. Fixes one
+ case of bug 40472; bugfix on 0.3.1.1-alpha.
diff --git a/src/feature/dircommon/consdiff.c b/src/feature/dircommon/consdiff.c
@@ -1128,7 +1128,7 @@ consdiff_get_digests(const smartlist_t *diff,
{
const cdline_t *line2 = smartlist_get(diff, 1);
char *h = tor_memdup_nulterm(line2->s, line2->len);
- smartlist_split_string(hash_words, h, " ", 0, 0);
+ smartlist_split_string(hash_words, h, " ", 0, 4);
tor_free(h);
}
