[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 22 11:43:05 UTC 2013


#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+----------------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  needs_review
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb dos content-type
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+----------------------------------
Changes (by cypherpunks):

 * status:  new => needs_review


Comment:

 The problem is the "return null" in external-app-blocker.js.
 Removing it solves everything except the spamming of the error console
 with a warning, which is why the hack of returning null was needed in the
 first place.

 The proposed new hack solves the noise in the console by returning the
 string "text/plain", which the code can accept. The code will use
 "text/plain" anyway for a case like the one this ticket describes.
 Hopefully nothing else will be broken by the new hack. Need to test.

 Patch attached to ticket.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

