nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
c442d85439
tor/changes
History
Nick Mathewson c442d85439 Fix a remotely triggerable assertion failure (CVE-2012-2250) 
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node, and to forward-port it to
0.2.4.
2012-10-23 23:09:21 -04:00
..
bug7190 Let 0.2.3 clients exit to internal addresses if they want 2012-10-23 17:18:01 -04:00
bug7191 Use the same changes file for bug7191 as in 0.2.[23] 2012-10-23 21:52:43 -04:00
bug7192 Fix parse_short_policy (bug 7192.) 2012-10-23 13:49:48 -04:00
link_negotiation_assert Fix a remotely triggerable assertion failure (CVE-2012-2250) 2012-10-23 23:09:21 -04:00
split_circuitbuild Move the circuit build timeout code into its own file. 2012-10-15 14:50:55 -04:00