[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 18 05:33:00 UTC 2014
#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID:
Points: |
----------------------------------+---------------------------
Comment (by mikeperry):
Wild guess: What happens if we return "" instead of NULL or "text/plain"?
The key property we want is for the content sniffing to still kick in if
the type is empty, rather than hack it to some default type and have
behavior change.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list