nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'link_negotiation_assert_024'

Browse Source
This commit is contained in:
Nick Mathewson 2012-10-25 10:21:01 -04:00
commit 48cdcc9d4a
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
changes/link_negotiation_assert Normal file
View File

@ -0,0 +1,6 @@
o Major bugfixs (security):
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France." Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.

9
src/or/channeltls.c
View File

@ -1229,6 +1229,15 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
"handshake. Closing connection."); "handshake. Closing connection.");
connection_or_close_for_error(chan->conn, 0); connection_or_close_for_error(chan->conn, 0);
return; return;
} else if (highest_supported_version != 2 &&
chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
/* XXXX This should eventually be a log_protocol_warn */
log_fn(LOG_WARN, LD_OR,
"Negotiated link with non-2 protocol after doing a v2 TLS "
"handshake with %s. Closing connection.",
fmt_addr(&chan->conn->base_.addr));
connection_or_close_for_error(chan->conn, 0);
return;
} }
chan->conn->link_proto = highest_supported_version; chan->conn->link_proto = highest_supported_version;