nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 21:16:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
ae15b55173
tor/changes/link_negotiation_assert
Nick Mathewson 758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250) 
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00

7 lines
261 B
Plaintext
Raw Blame History

o Major bugfixs (security):
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France." Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.
Reference in New Issue View Git Blame Copy Permalink