nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 13:06:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
9202087760
tor/changes/bug15823
John Brooks 053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth 
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00

5 lines
200 B
Plaintext
Raw Blame History

o Minor bugfixes (hidden service):
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
on a client authorized hidden service. Fixes bug 15823; bugfix
on 0.2.1.6-alpha.
Reference in New Issue View Git Blame Copy Permalink