Opened 4 months ago

Closed 4 months ago

#25250 closed defect (fixed)

Infinite loop in Rust protover implementation (TROVE-2018-003)

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 033-must
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Our rust protover implementation has a denial-of-service problem on certain inputs.

Found by Teor. Calling this a "low-severity", since by default it would be medium-severity, but the rust protover code is uncommonly used and experimental.

Child Tickets

Change History (3)

comment:1 Changed 4 months ago by nickm

Priority: MediumHigh
Status: assignedneeds_review

There's a patch for this in my branch protover_rust_compat_v3, along with fixes for #25252.

comment:2 Changed 4 months ago by teor

Status: needs_reviewmerge_ready

Reviewed in #25252

comment:3 Changed 4 months ago by nickm

Resolution: fixed
Status: merge_readyclosed

merging!

Note: See TracTickets for help on using tickets.