Merge branch 'link_negotiation_assert_024'

This commit is contained in:
Nick Mathewson 2012-10-25 10:21:01 -04:00
commit 48cdcc9d4a
2 changed files with 15 additions and 0 deletions

View File

@ -0,0 +1,6 @@
o Major bugfixs (security):
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France." Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.

View File

@ -1229,6 +1229,15 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
"handshake. Closing connection.");
connection_or_close_for_error(chan->conn, 0);
return;
} else if (highest_supported_version != 2 &&
chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
/* XXXX This should eventually be a log_protocol_warn */
log_fn(LOG_WARN, LD_OR,
"Negotiated link with non-2 protocol after doing a v2 TLS "
"handshake with %s. Closing connection.",
fmt_addr(&chan->conn->base_.addr));
connection_or_close_for_error(chan->conn, 0);
return;
}
chan->conn->link_proto = highest_supported_version;