[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 19 16:03:34 UTC 2014
#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID:
Points: |
----------------------------------+---------------------------
Comment (by cypherpunks):
>you passes non empty content type for any case even if string is empty
Or content type is empty actually, and if firefox was build with debug
enabled then
{{{
if (SniffURI(aRequest)) {
NS_ASSERTION(!mContentType.IsEmpty(),
"Content type should be known by now.");
return;
}
}}}
triggered.
Test it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:67>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list