[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 19 15:00:24 UTC 2014


#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  reopened
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------

Comment (by cypherpunks):

 You can't bypass exception logging in JavaScript using null.
 {{{
 ACString getTypeFromURI (in nsIURI aURI)
 }}}
 And you can't return null; it will be converted to ACString and passed to
 core as the content type. That means you pass a non-empty content type in
 any case, even if the string is empty, and if the code knows nothing about
 this type, it is going to do something bad.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:66>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

