[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 5 09:59:03 UTC 2014


#9901: DoS of TBB when no Content-Type header and more than 512 bytes of content
are sent
-------------------------+-------------------------------------------------
     Reporter:  sqrt2    |      Owner:  mikeperry
         Type:  defect   |     Status:  needs_review
     Priority:  normal   |  Milestone:
    Component:           |    Version:
  TorBrowserButton       |   Keywords:  tbb-usability, interview, tbb-
   Resolution:           |  crash, MikePerry201401R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by sqrt2):

 torbutton -b bug_9901_v4 seems to be working, however, when I first tried
 it, I've come across the following behaviour that I cannot reproduce right
 now:

 While going to <http://cdimage.debian.org/debian-cd/7.3.0/i386/iso-dvd/>
 and clicking the MD5SUMS file works, pasting the URL
 <http://cdimage.debian.org/debian-cd/7.3.0/i386/iso-dvd/MD5SUMS> to the
 address bar now opens Startpage with the URL as a search term; not so if I
 leave out the "http://", however.

 I suppose if there is no concern that there could be a race condition or
 something similar (I //am// currently running at close to 100% CPU on all
 cores for unrelated reasons), we can credit this to solar flares or
 whatever seems marginally plausible within the employed philosophical
 framework.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:85>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

