#2683: authority received unparseable routerstatus entry
-------------------------------------+--------------------------------------
 Reporter:  arma                     |          Owner:     
     Type:  defect                   |         Status:  new
 Priority:  critical                 |      Milestone:     
Component:  Tor Directory Authority  |        Version:     
 Keywords:                           |         Parent:     
   Points:                           |   Actualpoints:     
-------------------------------------+--------------------------------------
Changes (by rransom):

  * priority:  normal => critical


Comment:

 Replying to [comment:4 arma]:
 > Are we really calling strlen on an arbitrary vote blob we got from the
 > network?

 Yes, even though that's the wrong way to determine the length of that
 particular blob.  And worse, we're calling `strlen` on a blob some fuzzer
 handed us ''after we parse it''.

 Unfortunately, I don't see a nice way to check the signature before we
 feed a potential fuzz-bomb through our parser.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2683#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
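
The length problem raised in the comment above, as an added example that is not Tor's code and not part of the ticket: `strlen` stops at the first NUL, so it disagrees with the received byte count whenever a blob carries an embedded NUL, and it reads past the buffer when there is none. The helper names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 17 received bytes with a NUL after the first line. */
static const char SAMPLE[] = "entry-a\n\0entry-b\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Hypothetical helper: number of received bytes a strlen-based length would
 * silently drop. The scan is bounded by len, so it never reads past the
 * received data even if the blob has no terminator. */
size_t bytes_hidden_from_strlen(const char *buf, size_t len)
{
    const char *nul = memchr(buf, '\0', len);
    return nul ? len - (size_t)(nul - buf) : 0;
}

/* Hypothetical helper: turn a received (buf, len) blob into a C string.
 * The received length is authoritative; a blob with an embedded NUL, or one
 * that does not fit with its terminator, is rejected instead of truncated.
 * Returns 0 on success, -1 on rejection. */
int blob_to_cstring(char *dst, size_t dst_size, const char *buf, size_t len)
{
    if (len >= dst_size)
        return -1;                      /* no room for the terminator */
    if (memchr(buf, '\0', len) != NULL)
        return -1;                      /* strlen(dst) would differ from len */
    memcpy(dst, buf, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char out[64];
    printf("received=%zu strlen=%zu hidden=%zu\n", SAMPLE_LEN,
           strlen(SAMPLE), bytes_hidden_from_strlen(SAMPLE, SAMPLE_LEN));
    printf("accepted=%d\n",
           blob_to_cstring(out, sizeof(out), SAMPLE, SAMPLE_LEN) == 0);
    return 0;
}
```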
