nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 21:16:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
1dab1c8ad5
tor/changes/ticket40389
David Goulet adb248b6d6 TROVE-2021-003: Check layer_hint before half-closed end and resolve cells 
This issue was reported by Jann Horn part of Google's Project Zero.

Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.

Fixes #40389
2021-06-10 08:50:05 -04:00

4 lines
190 B
Plaintext
Raw Blame History

o Major bugfixes (relay, TROVE):
- Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED
cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha.
Reference in New Issue View Git Blame Copy Permalink