nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 13:06:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
800797e7f3
tor/changes/trove-2017-005
David Goulet 56a7c5bc15 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell 
On an hidden service rendezvous circuit, a BEGIN_DIR could be sent
(maliciously) which would trigger a tor_assert() because
connection_edge_process_relay_cell() thought that the circuit is an
or_circuit_t but is an origin circuit in reality.

Fixes #22494

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:21:10 -04:00

8 lines
287 B
Plaintext
Raw Blame History

o Major bugfixes (hidden service, relay, security):
- Fix an assertion failure caused by receiving a BEGIN_DIR cell on
a hidden service rendezvous circuit. Fixes bug 22494, tracked as
TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
by armadev.
Reference in New Issue View Git Blame Copy Permalink