Re: [tor-bugs] #25251 [Core Tor/Tor]: Fix TROVE-2018-004: bad consensus can trigger null pointer crash. (was: Fix TROVE-2018-004)

[Tor Bug Tracker & Wiki]

#25251: Fix TROVE-2018-004: bad consensus can trigger null pointer crash.
+
 Reporter:  nickm   |  Owner:  nickm
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  033-must, 029-backport  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by nickm):

 * status:  assigned => closed
 * resolution:   => fixed


Old description:



New description:

 When checking their own versions against the subprotocol versions listed
 in a consensus document, Tor instances could be made to crash if the
 consensus was incorrectly formatted.

 This is a low-severity bug, since it can only be exploited by corrupting a
 majority of directory authorities.  (And any attacker who can do that, can
 do far worse.)

 We're tracking this one as TROVE-2018-004.  It was present in
 0.2.9.4-alpha and later.  It is fixed in 0.2.9.15, 0.3.1.10, 0.3.2.10, and
 0.3.3.3-alpha.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25251 [Core Tor/Tor]: Fix TROVE-2018-004

[Tor Bug Tracker & Wiki]

#25251: Fix TROVE-2018-004
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  033-must, 029-backport
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs